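# Namespace that hosts the kubeadm bootstrap provider's controller-manager.
# The labels are the provider-identity labels that the other resources in
# this manifest also carry (cluster.x-k8s.io/provider, clusterctl.cluster.x-k8s.io).
apiVersion: v1
kind: Namespace
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-kubeadm
    # Deliberately an empty string; quoted so it is not parsed as null.
    clusterctl.cluster.x-k8s.io: ""
    control-plane: controller-manager
  name: capi-kubeadm-bootstrap-system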
| --- |
| apiVersion: apiextensions.k8s.io/v1 |
| kind: CustomResourceDefinition |
| metadata: |
| annotations: |
| cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert |
| controller-gen.kubebuilder.io/version: v0.10.0 |
| creationTimestamp: null |
| labels: |
| cluster.x-k8s.io/provider: bootstrap-kubeadm |
| cluster.x-k8s.io/v1alpha3: v1alpha3 |
| cluster.x-k8s.io/v1alpha4: v1alpha4 |
| cluster.x-k8s.io/v1beta1: v1beta1 |
| clusterctl.cluster.x-k8s.io: "" |
| name: kubeadmconfigs.bootstrap.cluster.x-k8s.io |
| spec: |
| conversion: |
| strategy: Webhook |
| webhook: |
| clientConfig: |
| caBundle: Cg== |
| service: |
| name: capi-kubeadm-bootstrap-webhook-service |
| namespace: capi-kubeadm-bootstrap-system |
| path: /convert |
| conversionReviewVersions: |
| - v1 |
| - v1beta1 |
| group: bootstrap.cluster.x-k8s.io |
| names: |
| categories: |
| - cluster-api |
| kind: KubeadmConfig |
| listKind: KubeadmConfigList |
| plural: kubeadmconfigs |
| singular: kubeadmconfig |
| scope: Namespaced |
| versions: |
| - name: v1alpha3 |
| schema: |
| openAPIV3Schema: |
| description: KubeadmConfig is the Schema for the kubeadmconfigs API. |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema of this representation |
| of an object. Servers should convert recognized schemas to the latest |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| kind: |
| description: 'Kind is a string value representing the REST resource this |
| object represents. Servers may infer this from the endpoint the client |
| submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| metadata: |
| type: object |
| spec: |
| description: KubeadmConfigSpec defines the desired state of KubeadmConfig. |
| Either ClusterConfiguration and InitConfiguration should be defined |
| or the JoinConfiguration should be defined. |
| properties: |
| clusterConfiguration: |
| description: ClusterConfiguration along with InitConfiguration are |
| the configurations necessary for the init command |
| properties: |
| apiServer: |
| description: APIServer contains extra settings for the API server |
| control plane component |
| properties: |
| certSANs: |
| description: CertSANs sets extra Subject Alternative Names |
| for the API Server signing cert. |
| items: |
| type: string |
| type: array |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: 'ExtraArgs is an extra set of flags to pass to |
| the control plane component. TODO: This is temporary and |
| ideally we would like to switch all components to use ComponentConfig |
| + ConfigMaps.' |
| type: object |
| extraVolumes: |
| description: ExtraVolumes is an extra set of host volumes, |
| mounted to the control plane component. |
| items: |
| description: HostPathMount contains elements describing |
| volumes that are mounted from the host. |
| properties: |
| hostPath: |
| description: HostPath is the path in the host that will |
| be mounted inside the pod. |
| type: string |
| mountPath: |
| description: MountPath is the path inside the pod where |
| hostPath will be mounted. |
| type: string |
| name: |
| description: Name of the volume inside the pod template. |
| type: string |
| pathType: |
| description: PathType is the type of the HostPath. |
| type: string |
| readOnly: |
| description: ReadOnly controls write access to the volume |
| type: boolean |
| required: |
| - hostPath |
| - mountPath |
| - name |
| type: object |
| type: array |
| timeoutForControlPlane: |
| description: TimeoutForControlPlane controls the timeout that |
| we use for API server to appear |
| type: string |
| type: object |
| apiVersion: |
| description: 'APIVersion defines the versioned schema of this |
| representation of an object. Servers should convert recognized |
| schemas to the latest internal value, and may reject unrecognized |
| values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| certificatesDir: |
| description: 'CertificatesDir specifies where to store or look |
| for all required certificates. NB: if not provided, this will |
| default to `/etc/kubernetes/pki`' |
| type: string |
| clusterName: |
| description: The cluster name |
| type: string |
| controlPlaneEndpoint: |
| description: 'ControlPlaneEndpoint sets a stable IP address or |
| DNS name for the control plane; it can be a valid IP address |
| or a RFC-1123 DNS subdomain, both with optional TCP port. In |
| case the ControlPlaneEndpoint is not specified, the AdvertiseAddress |
| + BindPort are used; in case the ControlPlaneEndpoint is specified |
| but without a TCP port, the BindPort is used. Possible usages |
| are: e.g. In a cluster with more than one control plane instances, |
| this field should be assigned the address of the external load |
| balancer in front of the control plane instances. e.g. in environments |
| with enforced node recycling, the ControlPlaneEndpoint could |
| be used for assigning a stable DNS to the control plane. NB: |
| This value defaults to the first value in the Cluster object |
| status.apiEndpoints array.' |
| type: string |
| controllerManager: |
| description: ControllerManager contains extra settings for the |
| controller manager control plane component |
| properties: |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: 'ExtraArgs is an extra set of flags to pass to |
| the control plane component. TODO: This is temporary and |
| ideally we would like to switch all components to use ComponentConfig |
| + ConfigMaps.' |
| type: object |
| extraVolumes: |
| description: ExtraVolumes is an extra set of host volumes, |
| mounted to the control plane component. |
| items: |
| description: HostPathMount contains elements describing |
| volumes that are mounted from the host. |
| properties: |
| hostPath: |
| description: HostPath is the path in the host that will |
| be mounted inside the pod. |
| type: string |
| mountPath: |
| description: MountPath is the path inside the pod where |
| hostPath will be mounted. |
| type: string |
| name: |
| description: Name of the volume inside the pod template. |
| type: string |
| pathType: |
| description: PathType is the type of the HostPath. |
| type: string |
| readOnly: |
| description: ReadOnly controls write access to the volume |
| type: boolean |
| required: |
| - hostPath |
| - mountPath |
| - name |
| type: object |
| type: array |
| type: object |
| dns: |
| description: DNS defines the options for the DNS add-on installed |
| in the cluster. |
| properties: |
| imageRepository: |
| description: ImageRepository sets the container registry to |
| pull images from. if not set, the ImageRepository defined |
| in ClusterConfiguration will be used instead. |
| type: string |
| imageTag: |
| description: ImageTag allows to specify a tag for the image. |
| In case this value is set, kubeadm does not change automatically |
| the version of the above components during upgrades. |
| type: string |
| type: |
| description: Type defines the DNS add-on to be used |
| type: string |
| type: object |
| etcd: |
| description: 'Etcd holds configuration for etcd. NB: This value |
| defaults to a Local (stacked) etcd' |
| properties: |
| external: |
| description: External describes how to connect to an external |
| etcd cluster. Local and External are mutually exclusive |
| properties: |
| caFile: |
| description: CAFile is an SSL Certificate Authority file |
| used to secure etcd communication. Required if using |
| a TLS connection. |
| type: string |
| certFile: |
| description: CertFile is an SSL certification file used |
| to secure etcd communication. Required if using a TLS |
| connection. |
| type: string |
| endpoints: |
| description: Endpoints of etcd members. Required for ExternalEtcd. |
| items: |
| type: string |
| type: array |
| keyFile: |
| description: KeyFile is an SSL key file used to secure |
| etcd communication. Required if using a TLS connection. |
| type: string |
| required: |
| - caFile |
| - certFile |
| - endpoints |
| - keyFile |
| type: object |
| local: |
| description: Local provides configuration knobs for configuring |
| the local etcd instance. Local and External are mutually |
| exclusive |
| properties: |
| dataDir: |
| description: DataDir is the directory etcd will place |
| its data. Defaults to "/var/lib/etcd". |
| type: string |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: ExtraArgs are extra arguments provided to |
| the etcd binary when run inside a static pod. |
| type: object |
| imageRepository: |
| description: ImageRepository sets the container registry |
| to pull images from. if not set, the ImageRepository |
| defined in ClusterConfiguration will be used instead. |
| type: string |
| imageTag: |
| description: ImageTag allows to specify a tag for the |
| image. In case this value is set, kubeadm does not change |
| automatically the version of the above components during |
| upgrades. |
| type: string |
| peerCertSANs: |
| description: PeerCertSANs sets extra Subject Alternative |
| Names for the etcd peer signing cert. |
| items: |
| type: string |
| type: array |
| serverCertSANs: |
| description: ServerCertSANs sets extra Subject Alternative |
| Names for the etcd server signing cert. |
| items: |
| type: string |
| type: array |
| type: object |
| type: object |
| featureGates: |
| additionalProperties: |
| type: boolean |
| description: FeatureGates enabled by the user. |
| type: object |
| imageRepository: |
| description: ImageRepository sets the container registry to pull |
| images from. If empty, `k8s.gcr.io` will be used by default; |
| in case of kubernetes version is a CI build (kubernetes version |
| starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` |
| will be used as a default for control plane components and for |
| kube-proxy, while `k8s.gcr.io` will be used for all the other |
| images. |
| type: string |
| kind: |
| description: 'Kind is a string value representing the REST resource |
| this object represents. Servers may infer this from the endpoint |
| the client submits requests to. Cannot be updated. In CamelCase. |
| More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| kubernetesVersion: |
| description: 'KubernetesVersion is the target version of the control |
| plane. NB: This value defaults to the Machine object spec.version' |
| type: string |
| networking: |
| description: 'Networking holds configuration for the networking |
| topology of the cluster. NB: This value defaults to the Cluster |
| object spec.clusterNetwork.' |
| properties: |
| dnsDomain: |
| description: DNSDomain is the dns domain used by k8s services. |
| Defaults to "cluster.local". |
| type: string |
| podSubnet: |
| description: PodSubnet is the subnet used by pods. If unset, |
| the API server will not allocate CIDR ranges for every node. |
| Defaults to a comma-delimited string of the Cluster object's |
| spec.clusterNetwork.services.cidrBlocks if that is set |
| type: string |
| serviceSubnet: |
| description: ServiceSubnet is the subnet used by k8s services. |
| Defaults to a comma-delimited string of the Cluster object's |
| spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" |
| if that's unset. |
| type: string |
| type: object |
| scheduler: |
| description: Scheduler contains extra settings for the scheduler |
| control plane component |
| properties: |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: 'ExtraArgs is an extra set of flags to pass to |
| the control plane component. TODO: This is temporary and |
| ideally we would like to switch all components to use ComponentConfig |
| + ConfigMaps.' |
| type: object |
| extraVolumes: |
| description: ExtraVolumes is an extra set of host volumes, |
| mounted to the control plane component. |
| items: |
| description: HostPathMount contains elements describing |
| volumes that are mounted from the host. |
| properties: |
| hostPath: |
| description: HostPath is the path in the host that will |
| be mounted inside the pod. |
| type: string |
| mountPath: |
| description: MountPath is the path inside the pod where |
| hostPath will be mounted. |
| type: string |
| name: |
| description: Name of the volume inside the pod template. |
| type: string |
| pathType: |
| description: PathType is the type of the HostPath. |
| type: string |
| readOnly: |
| description: ReadOnly controls write access to the volume |
| type: boolean |
| required: |
| - hostPath |
| - mountPath |
| - name |
| type: object |
| type: array |
| type: object |
| useHyperKubeImage: |
| description: UseHyperKubeImage controls if hyperkube should be |
| used for Kubernetes components instead of their respective separate |
| images |
| type: boolean |
| type: object |
| diskSetup: |
| description: DiskSetup specifies options for the creation of partition |
| tables and file systems on devices. |
| properties: |
| filesystems: |
| description: Filesystems specifies the list of file systems to |
| setup. |
| items: |
| description: Filesystem defines the file systems to be created. |
| properties: |
| device: |
| description: Device specifies the device name |
| type: string |
| extraOpts: |
| description: ExtraOpts defines extra options to add to the |
| command for creating the file system. |
| items: |
| type: string |
| type: array |
| filesystem: |
| description: Filesystem specifies the file system type. |
| type: string |
| label: |
| description: Label specifies the file system label to be |
| used. If set to None, no label is used. |
| type: string |
| overwrite: |
| description: Overwrite defines whether or not to overwrite |
| any existing filesystem. If true, any pre-existing file |
| system will be destroyed. Use with Caution. |
| type: boolean |
| partition: |
| description: 'Partition specifies the partition to use. |
| The valid options are: "auto|any", "auto", "any", "none", |
| and <NUM>, where NUM is the actual partition number.' |
| type: string |
| replaceFS: |
| description: 'ReplaceFS is a special directive, used for |
| Microsoft Azure that instructs cloud-init to replace a |
| file system of <FS_TYPE>. NOTE: unless you define a label, |
| this requires the use of the ''any'' partition directive.' |
| type: string |
| required: |
| - device |
| - filesystem |
| - label |
| type: object |
| type: array |
| partitions: |
| description: Partitions specifies the list of the partitions to |
| setup. |
| items: |
| description: Partition defines how to create and layout a partition. |
| properties: |
| device: |
| description: Device is the name of the device. |
| type: string |
| layout: |
| description: Layout specifies the device layout. If it is |
| true, a single partition will be created for the entire |
| device. When layout is false, it means don't partition |
| or ignore existing partitioning. |
| type: boolean |
| overwrite: |
| description: Overwrite describes whether to skip checks |
| and create the partition if a partition or filesystem |
| is found on the device. Use with caution. Default is 'false'. |
| type: boolean |
| tableType: |
| description: 'TableType specifies the type of partition |
| table. The following are supported: ''mbr'': default and |
| setups a MS-DOS partition table ''gpt'': setups a GPT |
| partition table' |
| type: string |
| required: |
| - device |
| - layout |
| type: object |
| type: array |
| type: object |
| files: |
| description: Files specifies extra files to be passed to user_data |
| upon creation. |
| items: |
| description: File defines the input for generating write_files in |
| cloud-init. |
| properties: |
| content: |
| description: Content is the actual content of the file. |
| type: string |
| contentFrom: |
| description: ContentFrom is a referenced source of content to |
| populate the file. |
| properties: |
| secret: |
| description: Secret represents a secret that should populate |
| this file. |
| properties: |
| key: |
| description: Key is the key in the secret's data map |
| for this value. |
| type: string |
| name: |
| description: Name of the secret in the KubeadmBootstrapConfig's |
| namespace to use. |
| type: string |
| required: |
| - key |
| - name |
| type: object |
| required: |
| - secret |
| type: object |
| encoding: |
| description: Encoding specifies the encoding of the file contents. |
| enum: |
| - base64 |
| - gzip |
| - gzip+base64 |
| type: string |
| owner: |
| description: Owner specifies the ownership of the file, e.g. |
| "root:root". |
| type: string |
| path: |
| description: Path specifies the full path on disk where to store |
| the file. |
| type: string |
| permissions: |
| description: Permissions specifies the permissions to assign |
| to the file, e.g. "0640". |
| type: string |
| required: |
| - path |
| type: object |
| type: array |
| format: |
| description: Format specifies the output format of the bootstrap data |
| enum: |
| - cloud-config |
| type: string |
| initConfiguration: |
| description: InitConfiguration along with ClusterConfiguration are |
| the configurations necessary for the init command |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema of this |
| representation of an object. Servers should convert recognized |
| schemas to the latest internal value, and may reject unrecognized |
| values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| bootstrapTokens: |
| description: BootstrapTokens is respected at `kubeadm init` time |
| and describes a set of Bootstrap Tokens to create. This information |
| IS NOT uploaded to the kubeadm cluster configmap, partly because |
| of its sensitive nature |
| items: |
| description: BootstrapToken describes one bootstrap token, stored |
| as a Secret in the cluster. |
| properties: |
| description: |
| description: Description sets a human-friendly message why |
| this token exists and what it's used for, so other administrators |
| can know its purpose. |
| type: string |
| expires: |
| description: Expires specifies the timestamp when this token |
| expires. Defaults to being set dynamically at runtime |
| based on the TTL. Expires and TTL are mutually exclusive. |
| format: date-time |
| type: string |
| groups: |
| description: Groups specifies the extra groups that this |
| token will authenticate as when/if used for authentication |
| items: |
| type: string |
| type: array |
| token: |
| description: Token is used for establishing bidirectional |
| trust between nodes and control-planes. Used for joining |
| nodes in the cluster. |
| type: string |
| ttl: |
| description: TTL defines the time to live for this token. |
| Defaults to 24h. Expires and TTL are mutually exclusive. |
| type: string |
| usages: |
| description: Usages describes the ways in which this token |
| can be used. Can by default be used for establishing bidirectional |
| trust, but that can be changed here. |
| items: |
| type: string |
| type: array |
| required: |
| - token |
| type: object |
| type: array |
| kind: |
| description: 'Kind is a string value representing the REST resource |
| this object represents. Servers may infer this from the endpoint |
| the client submits requests to. Cannot be updated. In CamelCase. |
| More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| localAPIEndpoint: |
| description: LocalAPIEndpoint represents the endpoint of the API |
| server instance that's deployed on this control plane node. In |
| HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint |
| in the sense that ControlPlaneEndpoint is the global endpoint |
| for the cluster, which then loadbalances the requests to each |
| individual API server. This configuration object lets you customize |
| what IP/DNS name and port the local API server advertises it's |
| accessible on. By default, kubeadm tries to auto-detect the |
| IP of the default interface and use that, but in case that process |
| fails you may set the desired value here. |
| properties: |
| advertiseAddress: |
| description: AdvertiseAddress sets the IP address for the |
| API server to advertise. |
| type: string |
| bindPort: |
| description: BindPort sets the secure port for the API Server |
| to bind to. Defaults to 6443. |
| format: int32 |
| type: integer |
| required: |
| - advertiseAddress |
| - bindPort |
| type: object |
| nodeRegistration: |
| description: NodeRegistration holds fields that relate to registering |
| the new control-plane node to the cluster. When used in the |
| context of control plane nodes, NodeRegistration should remain |
| consistent across both InitConfiguration and JoinConfiguration |
| properties: |
| criSocket: |
| description: CRISocket is used to retrieve container runtime |
| info. This information will be annotated to the Node API |
| object, for later re-use |
| type: string |
| kubeletExtraArgs: |
| additionalProperties: |
| type: string |
| description: KubeletExtraArgs passes through extra arguments |
| to the kubelet. The arguments here are passed to the kubelet |
| command line via the environment file kubeadm writes at |
| runtime for the kubelet to source. This overrides the generic |
| base-level configuration in the kubelet-config-1.X ConfigMap |
| Flags have higher priority when parsing. These values are |
| local and specific to the node kubeadm is executing on. |
| type: object |
| name: |
| description: Name is the `.Metadata.Name` field of the Node |
| API object that will be created in this `kubeadm init` or |
| `kubeadm join` operation. This field is also used in the |
| CommonName field of the kubelet's client certificate to |
| the API server. Defaults to the hostname of the node if |
| not provided. |
| type: string |
| taints: |
| description: 'Taints specifies the taints the Node API object |
| should be registered with. If this field is unset, i.e. |
| nil, in the `kubeadm init` process it will be defaulted |
| to []v1.Taint{''node-role.kubernetes.io/master=""''}. If |
| you don''t want to taint your control-plane node, set this |
| field to an empty slice, i.e. `taints: {}` in the YAML file. |
| This field is solely used for Node registration.' |
| items: |
| description: The node this Taint is attached to has the |
| "effect" on any pod that does not tolerate the Taint. |
| properties: |
| effect: |
| description: Required. The effect of the taint on pods |
| that do not tolerate the taint. Valid effects are |
| NoSchedule, PreferNoSchedule and NoExecute. |
| type: string |
| key: |
| description: Required. The taint key to be applied to |
| a node. |
| type: string |
| timeAdded: |
| description: TimeAdded represents the time at which |
| the taint was added. It is only written for NoExecute |
| taints. |
| format: date-time |
| type: string |
| value: |
| description: The taint value corresponding to the taint |
| key. |
| type: string |
| required: |
| - effect |
| - key |
| type: object |
| type: array |
| type: object |
| type: object |
| joinConfiguration: |
| description: JoinConfiguration is the kubeadm configuration for the |
| join command |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema of this |
| representation of an object. Servers should convert recognized |
| schemas to the latest internal value, and may reject unrecognized |
| values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| caCertPath: |
| description: 'CACertPath is the path to the SSL certificate authority |
| used to secure communications between node and control-plane. |
| Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when |
| there is defaulting from k/k' |
| type: string |
| controlPlane: |
| description: ControlPlane defines the additional control plane |
| instance to be deployed on the joining node. If nil, no additional |
| control plane instance will be deployed. |
| properties: |
| localAPIEndpoint: |
| description: LocalAPIEndpoint represents the endpoint of the |
| API server instance to be deployed on this node. |
| properties: |
| advertiseAddress: |
| description: AdvertiseAddress sets the IP address for |
| the API server to advertise. |
| type: string |
| bindPort: |
| description: BindPort sets the secure port for the API |
| Server to bind to. Defaults to 6443. |
| format: int32 |
| type: integer |
| required: |
| - advertiseAddress |
| - bindPort |
| type: object |
| type: object |
| discovery: |
| description: 'Discovery specifies the options for the kubelet |
| to use during the TLS Bootstrap process TODO: revisit when there |
| is defaulting from k/k' |
| properties: |
| bootstrapToken: |
| description: BootstrapToken is used to set the options for |
| bootstrap token based discovery. BootstrapToken and File |
| are mutually exclusive |
| properties: |
| apiServerEndpoint: |
| description: APIServerEndpoint is an IP or domain name |
| to the API server from which info will be fetched. |
| type: string |
| caCertHashes: |
| description: 'CACertHashes specifies a set of public key |
| pins to verify when token-based discovery is used. The |
| root CA found during discovery must match one of these |
| values. Specifying an empty set disables root CA pinning, |
| which can be unsafe. Each hash is specified as "<type>:<value>", |
| where the only currently supported type is "sha256". |
| This is a hex-encoded SHA-256 hash of the Subject Public |
| Key Info (SPKI) object in DER-encoded ASN.1. These hashes |
| can be calculated using, for example, OpenSSL: openssl |
| x509 -pubkey -in ca.crt | openssl rsa -pubin -outform |
| der 2>/dev/null | openssl dgst -sha256 -hex' |
| items: |
| type: string |
| type: array |
| token: |
| description: Token is a token used to validate cluster |
| information fetched from the control-plane. |
| type: string |
| unsafeSkipCAVerification: |
| description: UnsafeSkipCAVerification allows token-based |
| discovery without CA verification via CACertHashes. |
| This can weaken the security of kubeadm since other |
| nodes can impersonate the control-plane. |
| type: boolean |
| required: |
| - token |
| - unsafeSkipCAVerification |
| type: object |
| file: |
| description: File is used to specify a file or URL to a kubeconfig |
| file from which to load cluster information. BootstrapToken |
| and File are mutually exclusive |
| properties: |
| kubeConfigPath: |
| description: KubeConfigPath is used to specify the actual |
| file path or URL to the kubeconfig file from which to |
| load cluster information |
| type: string |
| required: |
| - kubeConfigPath |
| type: object |
| timeout: |
| description: Timeout modifies the discovery timeout |
| type: string |
| tlsBootstrapToken: |
| description: 'TLSBootstrapToken is a token used for TLS bootstrapping. |
| If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, |
| but can be overridden. If .File is set, this field **must |
| be set** in case the KubeConfigFile does not contain any |
| other authentication information TODO: revisit when there |
| is defaulting from k/k' |
| type: string |
| type: object |
| kind: |
| description: 'Kind is a string value representing the REST resource |
| this object represents. Servers may infer this from the endpoint |
| the client submits requests to. Cannot be updated. In CamelCase. |
| More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| nodeRegistration: |
| description: NodeRegistration holds fields that relate to registering |
| the new control-plane node to the cluster. When used in the |
| context of control plane nodes, NodeRegistration should remain |
| consistent across both InitConfiguration and JoinConfiguration |
| properties: |
| criSocket: |
| description: CRISocket is used to retrieve container runtime |
| info. This information will be annotated to the Node API |
| object, for later re-use |
| type: string |
| kubeletExtraArgs: |
| additionalProperties: |
| type: string |
| description: KubeletExtraArgs passes through extra arguments |
| to the kubelet. The arguments here are passed to the kubelet |
| command line via the environment file kubeadm writes at |
| runtime for the kubelet to source. This overrides the generic |
| base-level configuration in the kubelet-config-1.X ConfigMap |
| Flags have higher priority when parsing. These values are |
| local and specific to the node kubeadm is executing on. |
| type: object |
| name: |
| description: Name is the `.Metadata.Name` field of the Node |
| API object that will be created in this `kubeadm init` or |
| `kubeadm join` operation. This field is also used in the |
| CommonName field of the kubelet's client certificate to |
| the API server. Defaults to the hostname of the node if |
| not provided. |
| type: string |
| taints: |
| description: 'Taints specifies the taints the Node API object |
| should be registered with. If this field is unset, i.e. |
| nil, in the `kubeadm init` process it will be defaulted |
| to []v1.Taint{''node-role.kubernetes.io/master=""''}. If |
| you don''t want to taint your control-plane node, set this |
| field to an empty slice, i.e. `taints: {}` in the YAML file. |
| This field is solely used for Node registration.' |
| items: |
| description: The node this Taint is attached to has the |
| "effect" on any pod that does not tolerate the Taint. |
| properties: |
| effect: |
| description: Required. The effect of the taint on pods |
| that do not tolerate the taint. Valid effects are |
| NoSchedule, PreferNoSchedule and NoExecute. |
| type: string |
| key: |
| description: Required. The taint key to be applied to |
| a node. |
| type: string |
| timeAdded: |
| description: TimeAdded represents the time at which |
| the taint was added. It is only written for NoExecute |
| taints. |
| format: date-time |
| type: string |
| value: |
| description: The taint value corresponding to the taint |
| key. |
| type: string |
| required: |
| - effect |
| - key |
| type: object |
| type: array |
| type: object |
| type: object |
| mounts: |
| description: Mounts specifies a list of mount points to be setup. |
| items: |
| description: MountPoints defines input for generated mounts in cloud-init. |
| items: |
| type: string |
| type: array |
| type: array |
| ntp: |
| description: NTP specifies NTP configuration |
| properties: |
| enabled: |
| description: Enabled specifies whether NTP should be enabled |
| type: boolean |
| servers: |
| description: Servers specifies which NTP servers to use |
| items: |
| type: string |
| type: array |
| type: object |
| postKubeadmCommands: |
| description: PostKubeadmCommands specifies extra commands to run after |
| kubeadm runs |
| items: |
| type: string |
| type: array |
| preKubeadmCommands: |
| description: PreKubeadmCommands specifies extra commands to run before |
| kubeadm runs |
| items: |
| type: string |
| type: array |
| useExperimentalRetryJoin: |
| description: "UseExperimentalRetryJoin replaces a basic kubeadm command |
| with a shell script with retries for joins. \n This is meant to |
| be an experimental temporary workaround on some environments where |
| joins fail due to timing (and other issues). The long term goal |
| is to add retries to kubeadm proper and use that functionality. |
| \n This will add about 40KB to userdata \n For more information, |
| refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." |
| type: boolean |
| users: |
| description: Users specifies extra users to add |
| items: |
| description: User defines the input for a generated user in cloud-init. |
| properties: |
| gecos: |
| description: Gecos specifies the gecos to use for the user |
| type: string |
| groups: |
| description: Groups specifies the additional groups for the |
| user |
| type: string |
| homeDir: |
| description: HomeDir specifies the home directory to use for |
| the user |
| type: string |
| inactive: |
| description: Inactive specifies whether to mark the user as |
| inactive |
| type: boolean |
| lockPassword: |
| description: LockPassword specifies if password login should |
| be disabled |
| type: boolean |
| name: |
| description: Name specifies the user name |
| type: string |
| passwd: |
| description: Passwd specifies a hashed password for the user |
| type: string |
| primaryGroup: |
| description: PrimaryGroup specifies the primary group for the |
| user |
| type: string |
| shell: |
| description: Shell specifies the user's shell |
| type: string |
| sshAuthorizedKeys: |
| description: SSHAuthorizedKeys specifies a list of ssh authorized |
| keys for the user |
| items: |
| type: string |
| type: array |
| sudo: |
| description: Sudo specifies a sudo role for the user |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| verbosity: |
| description: Verbosity is the number for the kubeadm log level verbosity. |
| It overrides the `--v` flag in kubeadm commands. |
| format: int32 |
| type: integer |
| type: object |
| status: |
| description: KubeadmConfigStatus defines the observed state of KubeadmConfig. |
| properties: |
| bootstrapData: |
| description: "BootstrapData will be a cloud-init script for now. \n |
| Deprecated: Switch to DataSecretName." |
| format: byte |
| type: string |
| conditions: |
| description: Conditions defines current service state of the KubeadmConfig. |
| items: |
| description: Condition defines an observation of a Cluster API resource |
| operational state. |
| properties: |
| lastTransitionTime: |
| description: Last time the condition transitioned from one status |
| to another. This should be when the underlying condition changed. |
| If that is not known, then using the time when the API field |
| changed is acceptable. |
| format: date-time |
| type: string |
| message: |
| description: A human readable message indicating details about |
| the transition. This field may be empty. |
| type: string |
| reason: |
| description: The reason for the condition's last transition |
| in CamelCase. The specific API may choose whether or not this |
| field is considered a guaranteed API. This field may not be |
| empty. |
| type: string |
| severity: |
| description: Severity provides an explicit classification of |
| Reason code, so the users or machines can immediately understand |
| the current situation and act accordingly. The Severity field |
| MUST be set only when Status=False. |
| type: string |
| status: |
| description: Status of the condition, one of True, False, Unknown. |
| type: string |
| type: |
| description: Type of condition in CamelCase or in foo.example.com/CamelCase. |
| Many .condition.type values are consistent across resources |
| like Available, but because arbitrary conditions can be useful |
| (see .node.status.conditions), the ability to deconflict is |
| important. |
| type: string |
| required: |
| - status |
| - type |
| type: object |
| type: array |
| dataSecretName: |
| description: DataSecretName is the name of the secret that stores |
| the bootstrap data script. |
| type: string |
| failureMessage: |
| description: FailureMessage will be set on non-retryable errors |
| type: string |
| failureReason: |
| description: FailureReason will be set on non-retryable errors |
| type: string |
| observedGeneration: |
| description: ObservedGeneration is the latest generation observed |
| by the controller. |
| format: int64 |
| type: integer |
| ready: |
| description: Ready indicates the BootstrapData field is ready to be |
| consumed |
| type: boolean |
| type: object |
| type: object |
| served: true |
| storage: false |
| subresources: |
| status: {} |
| - additionalPrinterColumns: |
| - description: Time duration since creation of KubeadmConfig |
| jsonPath: .metadata.creationTimestamp |
| name: Age |
| type: date |
| name: v1alpha4 |
| schema: |
| openAPIV3Schema: |
| description: KubeadmConfig is the Schema for the kubeadmconfigs API. |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema of this representation |
| of an object. Servers should convert recognized schemas to the latest |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| kind: |
| description: 'Kind is a string value representing the REST resource this |
| object represents. Servers may infer this from the endpoint the client |
| submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| metadata: |
| type: object |
| spec: |
| description: KubeadmConfigSpec defines the desired state of KubeadmConfig. |
| Either ClusterConfiguration and InitConfiguration should be defined |
| or the JoinConfiguration should be defined. |
| properties: |
| clusterConfiguration: |
| description: ClusterConfiguration along with InitConfiguration are |
| the configurations necessary for the init command |
| properties: |
| apiServer: |
| description: APIServer contains extra settings for the API server |
| control plane component |
| properties: |
| certSANs: |
| description: CertSANs sets extra Subject Alternative Names |
| for the API Server signing cert. |
| items: |
| type: string |
| type: array |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: 'ExtraArgs is an extra set of flags to pass to |
| the control plane component. TODO: This is temporary and |
| ideally we would like to switch all components to use ComponentConfig |
| + ConfigMaps.' |
| type: object |
| extraVolumes: |
| description: ExtraVolumes is an extra set of host volumes, |
| mounted to the control plane component. |
| items: |
| description: HostPathMount contains elements describing |
| volumes that are mounted from the host. |
| properties: |
| hostPath: |
| description: HostPath is the path in the host that will |
| be mounted inside the pod. |
| type: string |
| mountPath: |
| description: MountPath is the path inside the pod where |
| hostPath will be mounted. |
| type: string |
| name: |
| description: Name of the volume inside the pod template. |
| type: string |
| pathType: |
| description: PathType is the type of the HostPath. |
| type: string |
| readOnly: |
| description: ReadOnly controls write access to the volume |
| type: boolean |
| required: |
| - hostPath |
| - mountPath |
| - name |
| type: object |
| type: array |
| timeoutForControlPlane: |
| description: TimeoutForControlPlane controls the timeout that |
| we use for API server to appear |
| type: string |
| type: object |
| apiVersion: |
| description: 'APIVersion defines the versioned schema of this |
| representation of an object. Servers should convert recognized |
| schemas to the latest internal value, and may reject unrecognized |
| values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| certificatesDir: |
| description: 'CertificatesDir specifies where to store or look |
| for all required certificates. NB: if not provided, this will |
| default to `/etc/kubernetes/pki`' |
| type: string |
| clusterName: |
| description: The cluster name |
| type: string |
| controlPlaneEndpoint: |
| description: 'ControlPlaneEndpoint sets a stable IP address or |
| DNS name for the control plane; it can be a valid IP address |
| or a RFC-1123 DNS subdomain, both with optional TCP port. In |
| case the ControlPlaneEndpoint is not specified, the AdvertiseAddress |
| + BindPort are used; in case the ControlPlaneEndpoint is specified |
| but without a TCP port, the BindPort is used. Possible usages |
| are: e.g. In a cluster with more than one control plane instances, |
| this field should be assigned the address of the external load |
| balancer in front of the control plane instances. e.g. in environments |
| with enforced node recycling, the ControlPlaneEndpoint could |
| be used for assigning a stable DNS to the control plane. NB: |
| This value defaults to the first value in the Cluster object |
| status.apiEndpoints array.' |
| type: string |
| controllerManager: |
| description: ControllerManager contains extra settings for the |
| controller manager control plane component |
| properties: |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: 'ExtraArgs is an extra set of flags to pass to |
| the control plane component. TODO: This is temporary and |
| ideally we would like to switch all components to use ComponentConfig |
| + ConfigMaps.' |
| type: object |
| extraVolumes: |
| description: ExtraVolumes is an extra set of host volumes, |
| mounted to the control plane component. |
| items: |
| description: HostPathMount contains elements describing |
| volumes that are mounted from the host. |
| properties: |
| hostPath: |
| description: HostPath is the path in the host that will |
| be mounted inside the pod. |
| type: string |
| mountPath: |
| description: MountPath is the path inside the pod where |
| hostPath will be mounted. |
| type: string |
| name: |
| description: Name of the volume inside the pod template. |
| type: string |
| pathType: |
| description: PathType is the type of the HostPath. |
| type: string |
| readOnly: |
| description: ReadOnly controls write access to the volume |
| type: boolean |
| required: |
| - hostPath |
| - mountPath |
| - name |
| type: object |
| type: array |
| type: object |
| dns: |
| description: DNS defines the options for the DNS add-on installed |
| in the cluster. |
| properties: |
| imageRepository: |
| description: ImageRepository sets the container registry to |
| pull images from. if not set, the ImageRepository defined |
| in ClusterConfiguration will be used instead. |
| type: string |
| imageTag: |
| description: ImageTag allows to specify a tag for the image. |
| In case this value is set, kubeadm does not change automatically |
| the version of the above components during upgrades. |
| type: string |
| type: object |
| etcd: |
| description: 'Etcd holds configuration for etcd. NB: This value |
| defaults to a Local (stacked) etcd' |
| properties: |
| external: |
| description: External describes how to connect to an external |
| etcd cluster Local and External are mutually exclusive |
| properties: |
| caFile: |
| description: CAFile is an SSL Certificate Authority file |
| used to secure etcd communication. Required if using |
| a TLS connection. |
| type: string |
| certFile: |
| description: CertFile is an SSL certification file used |
| to secure etcd communication. Required if using a TLS |
| connection. |
| type: string |
| endpoints: |
| description: Endpoints of etcd members. Required for ExternalEtcd. |
| items: |
| type: string |
| type: array |
| keyFile: |
| description: KeyFile is an SSL key file used to secure |
| etcd communication. Required if using a TLS connection. |
| type: string |
| required: |
| - caFile |
| - certFile |
| - endpoints |
| - keyFile |
| type: object |
| local: |
| description: Local provides configuration knobs for configuring |
| the local etcd instance Local and External are mutually |
| exclusive |
| properties: |
| dataDir: |
| description: DataDir is the directory etcd will place |
| its data. Defaults to "/var/lib/etcd". |
| type: string |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: ExtraArgs are extra arguments provided to |
| the etcd binary when run inside a static pod. |
| type: object |
| imageRepository: |
| description: ImageRepository sets the container registry |
| to pull images from. if not set, the ImageRepository |
| defined in ClusterConfiguration will be used instead. |
| type: string |
| imageTag: |
| description: ImageTag allows to specify a tag for the |
| image. In case this value is set, kubeadm does not change |
| automatically the version of the above components during |
| upgrades. |
| type: string |
| peerCertSANs: |
| description: PeerCertSANs sets extra Subject Alternative |
| Names for the etcd peer signing cert. |
| items: |
| type: string |
| type: array |
| serverCertSANs: |
| description: ServerCertSANs sets extra Subject Alternative |
| Names for the etcd server signing cert. |
| items: |
| type: string |
| type: array |
| type: object |
| type: object |
| featureGates: |
| additionalProperties: |
| type: boolean |
| description: FeatureGates enabled by the user. |
| type: object |
| imageRepository: |
| description: ImageRepository sets the container registry to pull |
| images from. If empty, `registry.k8s.io` will be used by default; |
| in case of kubernetes version is a CI build (kubernetes version |
| starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` |
| will be used as a default for control plane components and for |
| kube-proxy, while `registry.k8s.io` will be used for all the |
| other images. |
| type: string |
| kind: |
| description: 'Kind is a string value representing the REST resource |
| this object represents. Servers may infer this from the endpoint |
| the client submits requests to. Cannot be updated. In CamelCase. |
| More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| kubernetesVersion: |
| description: 'KubernetesVersion is the target version of the control |
| plane. NB: This value defaults to the Machine object spec.version' |
| type: string |
| networking: |
| description: 'Networking holds configuration for the networking |
| topology of the cluster. NB: This value defaults to the Cluster |
| object spec.clusterNetwork.' |
| properties: |
| dnsDomain: |
| description: DNSDomain is the dns domain used by k8s services. |
| Defaults to "cluster.local". |
| type: string |
| podSubnet: |
| description: PodSubnet is the subnet used by pods. If unset, |
| the API server will not allocate CIDR ranges for every node. |
| Defaults to a comma-delimited string of the Cluster object's |
| spec.clusterNetwork.pods.cidrBlocks if that is set. |
| type: string |
| serviceSubnet: |
| description: ServiceSubnet is the subnet used by k8s services. |
| Defaults to a comma-delimited string of the Cluster object's |
| spec.clusterNetwork.services.cidrBlocks, or to "10.96.0.0/12" |
| if that's unset. |
| type: string |
| type: object |
| scheduler: |
| description: Scheduler contains extra settings for the scheduler |
| control plane component |
| properties: |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: 'ExtraArgs is an extra set of flags to pass to |
| the control plane component. TODO: This is temporary and |
| ideally we would like to switch all components to use ComponentConfig |
| + ConfigMaps.' |
| type: object |
| extraVolumes: |
| description: ExtraVolumes is an extra set of host volumes, |
| mounted to the control plane component. |
| items: |
| description: HostPathMount contains elements describing |
| volumes that are mounted from the host. |
| properties: |
| hostPath: |
| description: HostPath is the path in the host that will |
| be mounted inside the pod. |
| type: string |
| mountPath: |
| description: MountPath is the path inside the pod where |
| hostPath will be mounted. |
| type: string |
| name: |
| description: Name of the volume inside the pod template. |
| type: string |
| pathType: |
| description: PathType is the type of the HostPath. |
| type: string |
| readOnly: |
| description: ReadOnly controls write access to the volume |
| type: boolean |
| required: |
| - hostPath |
| - mountPath |
| - name |
| type: object |
| type: array |
| type: object |
| type: object |
| diskSetup: |
| description: DiskSetup specifies options for the creation of partition |
| tables and file systems on devices. |
| properties: |
| filesystems: |
| description: Filesystems specifies the list of file systems to |
| set up. |
| items: |
| description: Filesystem defines the file systems to be created. |
| properties: |
| device: |
| description: Device specifies the device name |
| type: string |
| extraOpts: |
| description: ExtraOpts defined extra options to add to the |
| command for creating the file system. |
| items: |
| type: string |
| type: array |
| filesystem: |
| description: Filesystem specifies the file system type. |
| type: string |
| label: |
| description: Label specifies the file system label to be |
| used. If set to None, no label is used. |
| type: string |
| overwrite: |
| description: Overwrite defines whether or not to overwrite |
| any existing filesystem. If true, any pre-existing file |
| system will be destroyed. Use with Caution. |
| type: boolean |
| partition: |
| description: 'Partition specifies the partition to use. |
| The valid options are: "auto|any", "auto", "any", "none", |
| and <NUM>, where NUM is the actual partition number.' |
| type: string |
| replaceFS: |
| description: 'ReplaceFS is a special directive, used for |
| Microsoft Azure that instructs cloud-init to replace a |
| file system of <FS_TYPE>. NOTE: unless you define a label, |
| this requires the use of the ''any'' partition directive.' |
| type: string |
| required: |
| - device |
| - filesystem |
| - label |
| type: object |
| type: array |
| partitions: |
| description: Partitions specifies the list of the partitions to |
| set up. |
| items: |
| description: Partition defines how to create and layout a partition. |
| properties: |
| device: |
| description: Device is the name of the device. |
| type: string |
| layout: |
| description: Layout specifies the device layout. If it is |
| true, a single partition will be created for the entire |
| device. When layout is false, it means don't partition |
| or ignore existing partitioning. |
| type: boolean |
| overwrite: |
| description: Overwrite describes whether to skip checks |
| and create the partition if a partition or filesystem |
| is found on the device. Use with caution. Default is 'false'. |
| type: boolean |
| tableType: |
| description: 'TableType specifies the type of partition |
| table. The following are supported: ''mbr'': default, sets |
| up an MS-DOS partition table; ''gpt'': sets up a GPT |
| partition table' |
| type: string |
| required: |
| - device |
| - layout |
| type: object |
| type: array |
| type: object |
| files: |
| description: Files specifies extra files to be passed to user_data |
| upon creation. |
| items: |
| description: File defines the input for generating write_files in |
| cloud-init. |
| properties: |
| content: |
| description: Content is the actual content of the file. |
| type: string |
| contentFrom: |
| description: ContentFrom is a referenced source of content to |
| populate the file. |
| properties: |
| secret: |
| description: Secret represents a secret that should populate |
| this file. |
| properties: |
| key: |
| description: Key is the key in the secret's data map |
| for this value. |
| type: string |
| name: |
| description: Name of the secret in the KubeadmBootstrapConfig's |
| namespace to use. |
| type: string |
| required: |
| - key |
| - name |
| type: object |
| required: |
| - secret |
| type: object |
| encoding: |
| description: Encoding specifies the encoding of the file contents. |
| enum: |
| - base64 |
| - gzip |
| - gzip+base64 |
| type: string |
| owner: |
| description: Owner specifies the ownership of the file, e.g. |
| "root:root". |
| type: string |
| path: |
| description: Path specifies the full path on disk where to store |
| the file. |
| type: string |
| permissions: |
| description: Permissions specifies the permissions to assign |
| to the file, e.g. "0640". |
| type: string |
| required: |
| - path |
| type: object |
| type: array |
| format: |
| description: Format specifies the output format of the bootstrap data |
| enum: |
| - cloud-config |
| type: string |
| initConfiguration: |
| description: InitConfiguration along with ClusterConfiguration are |
| the configurations necessary for the init command |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema of this |
| representation of an object. Servers should convert recognized |
| schemas to the latest internal value, and may reject unrecognized |
| values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| bootstrapTokens: |
| description: BootstrapTokens is respected at `kubeadm init` time |
| and describes a set of Bootstrap Tokens to create. This information |
| IS NOT uploaded to the kubeadm cluster configmap, partly because |
| of its sensitive nature |
| items: |
| description: BootstrapToken describes one bootstrap token, stored |
| as a Secret in the cluster. |
| properties: |
| description: |
| description: Description sets a human-friendly message why |
| this token exists and what it's used for, so other administrators |
| can know its purpose. |
| type: string |
| expires: |
| description: Expires specifies the timestamp when this token |
| expires. Defaults to being set dynamically at runtime |
| based on the TTL. Expires and TTL are mutually exclusive. |
| format: date-time |
| type: string |
| groups: |
| description: Groups specifies the extra groups that this |
| token will authenticate as when/if used for authentication |
| items: |
| type: string |
| type: array |
| token: |
| description: Token is used for establishing bidirectional |
| trust between nodes and control-planes. Used for joining |
| nodes in the cluster. Treat this value as a credential; it is |
| stored in clear text in this object, so restrict read access |
| to KubeadmConfig resources accordingly. |
| type: string |
| ttl: |
| description: TTL defines the time to live for this token. |
| Defaults to 24h. Expires and TTL are mutually exclusive. |
| type: string |
| usages: |
| description: Usages describes the ways in which this token |
| can be used. Can by default be used for establishing bidirectional |
| trust, but that can be changed here. |
| items: |
| type: string |
| type: array |
| required: |
| - token |
| type: object |
| type: array |
| kind: |
| description: 'Kind is a string value representing the REST resource |
| this object represents. Servers may infer this from the endpoint |
| the client submits requests to. Cannot be updated. In CamelCase. |
| More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| localAPIEndpoint: |
| description: LocalAPIEndpoint represents the endpoint of the API |
| server instance that's deployed on this control plane node In |
| HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint |
| in the sense that ControlPlaneEndpoint is the global endpoint |
| for the cluster, which then loadbalances the requests to each |
| individual API server. This configuration object lets you customize |
| what IP/DNS name and port the local API server advertises it's |
| accessible on. By default, kubeadm tries to auto-detect the |
| IP of the default interface and use that, but in case that process |
| fails you may set the desired value here. |
| properties: |
| advertiseAddress: |
| description: AdvertiseAddress sets the IP address for the |
| API server to advertise. |
| type: string |
| bindPort: |
| description: BindPort sets the secure port for the API Server |
| to bind to. Defaults to 6443. |
| format: int32 |
| type: integer |
| type: object |
| nodeRegistration: |
| description: NodeRegistration holds fields that relate to registering |
| the new control-plane node to the cluster. When used in the |
| context of control plane nodes, NodeRegistration should remain |
| consistent across both InitConfiguration and JoinConfiguration |
| properties: |
| criSocket: |
| description: CRISocket is used to retrieve container runtime |
| info. This information will be annotated to the Node API |
| object, for later re-use |
| type: string |
| ignorePreflightErrors: |
| description: IgnorePreflightErrors provides a slice of pre-flight |
| errors to be ignored when the current node is registered. |
| items: |
| type: string |
| type: array |
| kubeletExtraArgs: |
| additionalProperties: |
| type: string |
| description: KubeletExtraArgs passes through extra arguments |
| to the kubelet. The arguments here are passed to the kubelet |
| command line via the environment file kubeadm writes at |
| runtime for the kubelet to source. This overrides the generic |
| base-level configuration in the kubelet-config-1.X ConfigMap |
| Flags have higher priority when parsing. These values are |
| local and specific to the node kubeadm is executing on. |
| type: object |
| name: |
| description: Name is the `.Metadata.Name` field of the Node |
| API object that will be created in this `kubeadm init` or |
| `kubeadm join` operation. This field is also used in the |
| CommonName field of the kubelet's client certificate to |
| the API server. Defaults to the hostname of the node if |
| not provided. |
| type: string |
| taints: |
| description: 'Taints specifies the taints the Node API object |
| should be registered with. If this field is unset, i.e. |
| nil, in the `kubeadm init` process it will be defaulted |
| to []v1.Taint{''node-role.kubernetes.io/master=""''}. If |
| you don''t want to taint your control-plane node, set this |
| field to an empty slice, i.e. `taints: []` in the YAML file. |
| This field is solely used for Node registration.' |
| items: |
| description: The node this Taint is attached to has the |
| "effect" on any pod that does not tolerate the Taint. |
| properties: |
| effect: |
| description: Required. The effect of the taint on pods |
| that do not tolerate the taint. Valid effects are |
| NoSchedule, PreferNoSchedule and NoExecute. |
| type: string |
| key: |
| description: Required. The taint key to be applied to |
| a node. |
| type: string |
| timeAdded: |
| description: TimeAdded represents the time at which |
| the taint was added. It is only written for NoExecute |
| taints. |
| format: date-time |
| type: string |
| value: |
| description: The taint value corresponding to the taint |
| key. |
| type: string |
| required: |
| - effect |
| - key |
| type: object |
| type: array |
| type: object |
| type: object |
| joinConfiguration: |
| description: JoinConfiguration is the kubeadm configuration for the |
| join command |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema of this |
| representation of an object. Servers should convert recognized |
| schemas to the latest internal value, and may reject unrecognized |
| values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| caCertPath: |
| description: 'CACertPath is the path to the SSL certificate authority |
| used to secure communications between node and control-plane. |
| Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when |
| there is defaulting from k/k' |
| type: string |
| controlPlane: |
| description: ControlPlane defines the additional control plane |
| instance to be deployed on the joining node. If nil, no additional |
| control plane instance will be deployed. |
| properties: |
| localAPIEndpoint: |
| description: LocalAPIEndpoint represents the endpoint of the |
| API server instance to be deployed on this node. |
| properties: |
| advertiseAddress: |
| description: AdvertiseAddress sets the IP address for |
| the API server to advertise. |
| type: string |
| bindPort: |
| description: BindPort sets the secure port for the API |
| Server to bind to. Defaults to 6443. |
| format: int32 |
| type: integer |
| type: object |
| type: object |
| discovery: |
| description: 'Discovery specifies the options for the kubelet |
| to use during the TLS Bootstrap process TODO: revisit when there |
| is defaulting from k/k' |
| properties: |
| bootstrapToken: |
| description: BootstrapToken is used to set the options for |
| bootstrap token based discovery BootstrapToken and File |
| are mutually exclusive |
| properties: |
| apiServerEndpoint: |
| description: APIServerEndpoint is an IP or domain name |
| to the API server from which info will be fetched. |
| type: string |
| caCertHashes: |
| description: 'CACertHashes specifies a set of public key |
| pins to verify when token-based discovery is used. The |
| root CA found during discovery must match one of these |
| values. Specifying an empty set disables root CA pinning, |
| which is unsafe because the joining node will then trust |
| whatever CA it is served at apiServerEndpoint (see unsafeSkipCAVerification). |
| Each hash is specified as "<type>:<value>", where the only |
| currently supported type is "sha256". This is a hex-encoded |
| SHA-256 hash of the Subject Public Key Info (SPKI) object in |
| DER-encoded ASN.1. These hashes can be calculated using, for |
| example, OpenSSL: openssl x509 -pubkey -in ca.crt | openssl |
| pkey -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex' |
| items: |
| type: string |
| type: array |
| token: |
| description: Token is a token used to validate cluster |
| information fetched from the control-plane. |
| type: string |
| unsafeSkipCAVerification: |
| description: UnsafeSkipCAVerification allows token-based |
| discovery without CA verification via CACertHashes. |
| This weakens the security of kubeadm since anyone able to |
| answer at the API server endpoint can impersonate the |
| control-plane to the joining node; leave it false and set |
| CACertHashes instead. |
| type: boolean |
| required: |
| - token |
| type: object |
| file: |
| description: File is used to specify a file or URL to a kubeconfig |
| file from which to load cluster information BootstrapToken |
| and File are mutually exclusive |
| properties: |
| kubeConfigPath: |
| description: KubeConfigPath is used to specify the actual |
| file path or URL to the kubeconfig file from which to |
| load cluster information |
| type: string |
| required: |
| - kubeConfigPath |
| type: object |
| timeout: |
| description: Timeout modifies the discovery timeout |
| type: string |
| tlsBootstrapToken: |
| description: TLSBootstrapToken is a token used for TLS bootstrapping. |
| If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, |
| but can be overridden. If .File is set, this field **must |
| be set** in case the KubeConfigFile does not contain any |
| other authentication information |
| type: string |
| type: object |
| kind: |
| description: 'Kind is a string value representing the REST resource |
| this object represents. Servers may infer this from the endpoint |
| the client submits requests to. Cannot be updated. In CamelCase. |
| More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| nodeRegistration: |
| description: NodeRegistration holds fields that relate to registering |
| the new control-plane node to the cluster. When used in the |
| context of control plane nodes, NodeRegistration should remain |
| consistent across both InitConfiguration and JoinConfiguration |
| properties: |
| criSocket: |
| description: CRISocket is used to retrieve container runtime |
| info. This information will be annotated to the Node API |
| object, for later re-use |
| type: string |
| ignorePreflightErrors: |
| description: IgnorePreflightErrors provides a slice of pre-flight |
| errors to be ignored when the current node is registered. |
| items: |
| type: string |
| type: array |
| kubeletExtraArgs: |
| additionalProperties: |
| type: string |
| description: KubeletExtraArgs passes through extra arguments |
| to the kubelet. The arguments here are passed to the kubelet |
| command line via the environment file kubeadm writes at |
| runtime for the kubelet to source. This overrides the generic |
| base-level configuration in the kubelet-config-1.X ConfigMap. |
| Flags have higher priority when parsing. These values are |
| local and specific to the node kubeadm is executing on. |
| type: object |
| name: |
| description: Name is the `.Metadata.Name` field of the Node |
| API object that will be created in this `kubeadm init` or |
| `kubeadm join` operation. This field is also used in the |
| CommonName field of the kubelet's client certificate to |
| the API server. Defaults to the hostname of the node if |
| not provided. |
| type: string |
| taints: |
| description: 'Taints specifies the taints the Node API object |
| should be registered with. If this field is unset, i.e. |
| nil, in the `kubeadm init` process it will be defaulted |
| to []v1.Taint{''node-role.kubernetes.io/master=""''}. If |
| you don''t want to taint your control-plane node, set this |
| field to an empty slice, i.e. `taints: []` in the YAML file. |
| This field is solely used for Node registration.' |
| items: |
| description: The node this Taint is attached to has the |
| "effect" on any pod that does not tolerate the Taint. |
| properties: |
| effect: |
| description: Required. The effect of the taint on pods |
| that do not tolerate the taint. Valid effects are |
| NoSchedule, PreferNoSchedule and NoExecute. |
| type: string |
| key: |
| description: Required. The taint key to be applied to |
| a node. |
| type: string |
| timeAdded: |
| description: TimeAdded represents the time at which |
| the taint was added. It is only written for NoExecute |
| taints. |
| format: date-time |
| type: string |
| value: |
| description: The taint value corresponding to the taint |
| key. |
| type: string |
| required: |
| - effect |
| - key |
| type: object |
| type: array |
| type: object |
| type: object |
| mounts: |
| description: Mounts specifies a list of mount points to be setup. |
| items: |
| description: MountPoints defines input for generated mounts in cloud-init. |
| items: |
| type: string |
| type: array |
| type: array |
| ntp: |
| description: NTP specifies NTP configuration |
| properties: |
| enabled: |
| description: Enabled specifies whether NTP should be enabled |
| type: boolean |
| servers: |
| description: Servers specifies which NTP servers to use |
| items: |
| type: string |
| type: array |
| type: object |
| postKubeadmCommands: |
| description: PostKubeadmCommands specifies extra commands to run after |
| kubeadm runs |
| items: |
| type: string |
| type: array |
| preKubeadmCommands: |
| description: PreKubeadmCommands specifies extra commands to run before |
| kubeadm runs |
| items: |
| type: string |
| type: array |
| useExperimentalRetryJoin: |
| description: "UseExperimentalRetryJoin replaces a basic kubeadm command |
| with a shell script with retries for joins. \n This is meant to |
| be an experimental temporary workaround on some environments where |
| joins fail due to timing (and other issues). The long term goal |
| is to add retries to kubeadm proper and use that functionality. |
| \n This will add about 40KB to userdata \n For more information, |
| refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." |
| type: boolean |
| users: |
| description: Users specifies extra users to add |
| items: |
| description: User defines the input for a generated user in cloud-init. |
| properties: |
| gecos: |
| description: Gecos specifies the gecos to use for the user |
| type: string |
| groups: |
| description: Groups specifies the additional groups for the |
| user |
| type: string |
| homeDir: |
| description: HomeDir specifies the home directory to use for |
| the user |
| type: string |
| inactive: |
| description: Inactive specifies whether to mark the user as |
| inactive |
| type: boolean |
| lockPassword: |
| description: LockPassword specifies if password login should |
| be disabled |
| type: boolean |
| name: |
| description: Name specifies the user name |
| type: string |
| passwd: |
| description: Passwd specifies a hashed password for the user |
| type: string |
| primaryGroup: |
| description: PrimaryGroup specifies the primary group for the |
| user |
| type: string |
| shell: |
| description: Shell specifies the user's shell |
| type: string |
| sshAuthorizedKeys: |
| description: SSHAuthorizedKeys specifies a list of ssh authorized |
| keys for the user |
| items: |
| type: string |
| type: array |
| sudo: |
| description: Sudo specifies a sudo role for the user |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| verbosity: |
| description: Verbosity is the number for the kubeadm log level verbosity. |
| It overrides the `--v` flag in kubeadm commands. |
| format: int32 |
| type: integer |
| type: object |
| status: |
| description: KubeadmConfigStatus defines the observed state of KubeadmConfig. |
| properties: |
| conditions: |
| description: Conditions defines current service state of the KubeadmConfig. |
| items: |
| description: Condition defines an observation of a Cluster API resource |
| operational state. |
| properties: |
| lastTransitionTime: |
| description: Last time the condition transitioned from one status |
| to another. This should be when the underlying condition changed. |
| If that is not known, then using the time when the API field |
| changed is acceptable. |
| format: date-time |
| type: string |
| message: |
| description: A human readable message indicating details about |
| the transition. This field may be empty. |
| type: string |
| reason: |
| description: The reason for the condition's last transition |
| in CamelCase. The specific API may choose whether or not this |
| field is considered a guaranteed API. This field may not be |
| empty. |
| type: string |
| severity: |
| description: Severity provides an explicit classification of |
| Reason code, so the users or machines can immediately understand |
| the current situation and act accordingly. The Severity field |
| MUST be set only when Status=False. |
| type: string |
| status: |
| description: Status of the condition, one of True, False, Unknown. |
| type: string |
| type: |
| description: Type of condition in CamelCase or in foo.example.com/CamelCase. |
| Many .condition.type values are consistent across resources |
| like Available, but because arbitrary conditions can be useful |
| (see .node.status.conditions), the ability to deconflict is |
| important. |
| type: string |
| required: |
| - status |
| - type |
| type: object |
| type: array |
| dataSecretName: |
| description: DataSecretName is the name of the secret that stores |
| the bootstrap data script. |
| type: string |
| failureMessage: |
| description: FailureMessage will be set on non-retryable errors |
| type: string |
| failureReason: |
| description: FailureReason will be set on non-retryable errors |
| type: string |
| observedGeneration: |
| description: ObservedGeneration is the latest generation observed |
| by the controller. |
| format: int64 |
| type: integer |
| ready: |
| description: Ready indicates the BootstrapData field is ready to be |
| consumed |
| type: boolean |
| type: object |
| type: object |
| served: true |
| storage: false |
| subresources: |
| status: {} |
| - additionalPrinterColumns: |
| - description: Cluster |
| jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] |
| name: Cluster |
| type: string |
| - description: Time duration since creation of KubeadmConfig |
| jsonPath: .metadata.creationTimestamp |
| name: Age |
| type: date |
| name: v1beta1 |
| schema: |
| openAPIV3Schema: |
| description: KubeadmConfig is the Schema for the kubeadmconfigs API. |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema of this representation |
| of an object. Servers should convert recognized schemas to the latest |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| kind: |
| description: 'Kind is a string value representing the REST resource this |
| object represents. Servers may infer this from the endpoint the client |
| submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| metadata: |
| type: object |
| spec: |
| description: KubeadmConfigSpec defines the desired state of KubeadmConfig. |
| Either ClusterConfiguration and InitConfiguration should be defined |
| or the JoinConfiguration should be defined. |
| properties: |
| clusterConfiguration: |
| description: ClusterConfiguration along with InitConfiguration are |
| the configurations necessary for the init command |
| properties: |
| apiServer: |
| description: APIServer contains extra settings for the API server |
| control plane component |
| properties: |
| certSANs: |
| description: CertSANs sets extra Subject Alternative Names |
| for the API Server signing cert. |
| items: |
| type: string |
| type: array |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: 'ExtraArgs is an extra set of flags to pass to |
| the control plane component. TODO: This is temporary and |
| ideally we would like to switch all components to use ComponentConfig |
| + ConfigMaps.' |
| type: object |
| extraVolumes: |
| description: ExtraVolumes is an extra set of host volumes, |
| mounted to the control plane component. |
| items: |
| description: HostPathMount contains elements describing |
| volumes that are mounted from the host. |
| properties: |
| hostPath: |
| description: HostPath is the path in the host that will |
| be mounted inside the pod. |
| type: string |
| mountPath: |
| description: MountPath is the path inside the pod where |
| hostPath will be mounted. |
| type: string |
| name: |
| description: Name of the volume inside the pod template. |
| type: string |
| pathType: |
| description: PathType is the type of the HostPath. |
| type: string |
| readOnly: |
| description: ReadOnly controls write access to the volume |
| type: boolean |
| required: |
| - hostPath |
| - mountPath |
| - name |
| type: object |
| type: array |
| timeoutForControlPlane: |
| description: TimeoutForControlPlane controls the timeout that |
| we use for API server to appear |
| type: string |
| type: object |
| apiVersion: |
| description: 'APIVersion defines the versioned schema of this |
| representation of an object. Servers should convert recognized |
| schemas to the latest internal value, and may reject unrecognized |
| values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| certificatesDir: |
| description: 'CertificatesDir specifies where to store or look |
| for all required certificates. NB: if not provided, this will |
| default to `/etc/kubernetes/pki`' |
| type: string |
| clusterName: |
| description: The cluster name |
| type: string |
| controlPlaneEndpoint: |
| description: 'ControlPlaneEndpoint sets a stable IP address or |
| DNS name for the control plane; it can be a valid IP address |
| or a RFC-1123 DNS subdomain, both with optional TCP port. In |
| case the ControlPlaneEndpoint is not specified, the AdvertiseAddress |
| + BindPort are used; in case the ControlPlaneEndpoint is specified |
| but without a TCP port, the BindPort is used. Possible usages |
| are: e.g. In a cluster with more than one control plane instances, |
| this field should be assigned the address of the external load |
| balancer in front of the control plane instances. e.g. in environments |
| with enforced node recycling, the ControlPlaneEndpoint could |
| be used for assigning a stable DNS to the control plane. NB: |
| This value defaults to the first value in the Cluster object |
| status.apiEndpoints array.' |
| type: string |
| controllerManager: |
| description: ControllerManager contains extra settings for the |
| controller manager control plane component |
| properties: |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: 'ExtraArgs is an extra set of flags to pass to |
| the control plane component. TODO: This is temporary and |
| ideally we would like to switch all components to use ComponentConfig |
| + ConfigMaps.' |
| type: object |
| extraVolumes: |
| description: ExtraVolumes is an extra set of host volumes, |
| mounted to the control plane component. |
| items: |
| description: HostPathMount contains elements describing |
| volumes that are mounted from the host. |
| properties: |
| hostPath: |
| description: HostPath is the path in the host that will |
| be mounted inside the pod. |
| type: string |
| mountPath: |
| description: MountPath is the path inside the pod where |
| hostPath will be mounted. |
| type: string |
| name: |
| description: Name of the volume inside the pod template. |
| type: string |
| pathType: |
| description: PathType is the type of the HostPath. |
| type: string |
| readOnly: |
| description: ReadOnly controls write access to the volume |
| type: boolean |
| required: |
| - hostPath |
| - mountPath |
| - name |
| type: object |
| type: array |
| type: object |
| dns: |
| description: DNS defines the options for the DNS add-on installed |
| in the cluster. |
| properties: |
| imageRepository: |
| description: ImageRepository sets the container registry to |
| pull images from. If not set, the ImageRepository defined |
| in ClusterConfiguration will be used instead. |
| type: string |
| imageTag: |
| description: ImageTag allows to specify a tag for the image. |
| In case this value is set, kubeadm does not change automatically |
| the version of the above components during upgrades. |
| type: string |
| type: object |
| etcd: |
| description: 'Etcd holds configuration for etcd. NB: This value |
| defaults to a Local (stacked) etcd' |
| properties: |
| external: |
| description: External describes how to connect to an external |
| etcd cluster. Local and External are mutually exclusive. |
| properties: |
| caFile: |
| description: CAFile is an SSL Certificate Authority file |
| used to secure etcd communication. Required if using |
| a TLS connection. |
| type: string |
| certFile: |
| description: CertFile is an SSL certification file used |
| to secure etcd communication. Required if using a TLS |
| connection. |
| type: string |
| endpoints: |
| description: Endpoints of etcd members. Required for ExternalEtcd. |
| items: |
| type: string |
| type: array |
| keyFile: |
| description: KeyFile is an SSL key file used to secure |
| etcd communication. Required if using a TLS connection. |
| type: string |
| required: |
| - caFile |
| - certFile |
| - endpoints |
| - keyFile |
| type: object |
| local: |
| description: Local provides configuration knobs for configuring |
| the local etcd instance. Local and External are mutually |
| exclusive. |
| properties: |
| dataDir: |
| description: DataDir is the directory etcd will place |
| its data. Defaults to "/var/lib/etcd". |
| type: string |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: ExtraArgs are extra arguments provided to |
| the etcd binary when run inside a static pod. |
| type: object |
| imageRepository: |
| description: ImageRepository sets the container registry |
| to pull images from. If not set, the ImageRepository |
| defined in ClusterConfiguration will be used instead. |
| type: string |
| imageTag: |
| description: ImageTag allows to specify a tag for the |
| image. In case this value is set, kubeadm does not change |
| automatically the version of the above components during |
| upgrades. |
| type: string |
| peerCertSANs: |
| description: PeerCertSANs sets extra Subject Alternative |
| Names for the etcd peer signing cert. |
| items: |
| type: string |
| type: array |
| serverCertSANs: |
| description: ServerCertSANs sets extra Subject Alternative |
| Names for the etcd server signing cert. |
| items: |
| type: string |
| type: array |
| type: object |
| type: object |
| featureGates: |
| additionalProperties: |
| type: boolean |
| description: FeatureGates enabled by the user. |
| type: object |
| imageRepository: |
| description: ImageRepository sets the container registry to pull |
| images from. If empty, `registry.k8s.io` will be used by default; |
| in case of kubernetes version is a CI build (kubernetes version |
| starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` |
| will be used as a default for control plane components and for |
| kube-proxy, while `registry.k8s.io` will be used for all the |
| other images. |
| type: string |
| kind: |
| description: 'Kind is a string value representing the REST resource |
| this object represents. Servers may infer this from the endpoint |
| the client submits requests to. Cannot be updated. In CamelCase. |
| More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| kubernetesVersion: |
| description: 'KubernetesVersion is the target version of the control |
| plane. NB: This value defaults to the Machine object spec.version' |
| type: string |
| networking: |
| description: 'Networking holds configuration for the networking |
| topology of the cluster. NB: This value defaults to the Cluster |
| object spec.clusterNetwork.' |
| properties: |
| dnsDomain: |
| description: DNSDomain is the dns domain used by k8s services. |
| Defaults to "cluster.local". |
| type: string |
| podSubnet: |
| description: PodSubnet is the subnet used by pods. If unset, |
| the API server will not allocate CIDR ranges for every node. |
| Defaults to a comma-delimited string of the Cluster object's |
| spec.clusterNetwork.services.cidrBlocks if that is set |
| type: string |
| serviceSubnet: |
| description: ServiceSubnet is the subnet used by k8s services. |
| Defaults to a comma-delimited string of the Cluster object's |
| spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" |
| if that's unset. |
| type: string |
| type: object |
| scheduler: |
| description: Scheduler contains extra settings for the scheduler |
| control plane component |
| properties: |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: 'ExtraArgs is an extra set of flags to pass to |
| the control plane component. TODO: This is temporary and |
| ideally we would like to switch all components to use ComponentConfig |
| + ConfigMaps.' |
| type: object |
| extraVolumes: |
| description: ExtraVolumes is an extra set of host volumes, |
| mounted to the control plane component. |
| items: |
| description: HostPathMount contains elements describing |
| volumes that are mounted from the host. |
| properties: |
| hostPath: |
| description: HostPath is the path in the host that will |
| be mounted inside the pod. |
| type: string |
| mountPath: |
| description: MountPath is the path inside the pod where |
| hostPath will be mounted. |
| type: string |
| name: |
| description: Name of the volume inside the pod template. |
| type: string |
| pathType: |
| description: PathType is the type of the HostPath. |
| type: string |
| readOnly: |
| description: ReadOnly controls write access to the volume |
| type: boolean |
| required: |
| - hostPath |
| - mountPath |
| - name |
| type: object |
| type: array |
| type: object |
| type: object |
| diskSetup: |
| description: DiskSetup specifies options for the creation of partition |
| tables and file systems on devices. |
| properties: |
| filesystems: |
| description: Filesystems specifies the list of file systems to |
| setup. |
| items: |
| description: Filesystem defines the file systems to be created. |
| properties: |
| device: |
| description: Device specifies the device name |
| type: string |
| extraOpts: |
| description: ExtraOpts defines extra options to add to the |
| command for creating the file system. |
| items: |
| type: string |
| type: array |
| filesystem: |
| description: Filesystem specifies the file system type. |
| type: string |
| label: |
| description: Label specifies the file system label to be |
| used. If set to None, no label is used. |
| type: string |
| overwrite: |
| description: Overwrite defines whether or not to overwrite |
| any existing filesystem. If true, any pre-existing file |
| system will be destroyed. Use with Caution. |
| type: boolean |
| partition: |
| description: 'Partition specifies the partition to use. |
| The valid options are: "auto|any", "auto", "any", "none", |
| and <NUM>, where NUM is the actual partition number.' |
| type: string |
| replaceFS: |
| description: 'ReplaceFS is a special directive, used for |
| Microsoft Azure that instructs cloud-init to replace a |
| file system of <FS_TYPE>. NOTE: unless you define a label, |
| this requires the use of the ''any'' partition directive.' |
| type: string |
| required: |
| - device |
| - filesystem |
| - label |
| type: object |
| type: array |
| partitions: |
| description: Partitions specifies the list of the partitions to |
| setup. |
| items: |
| description: Partition defines how to create and layout a partition. |
| properties: |
| device: |
| description: Device is the name of the device. |
| type: string |
| layout: |
| description: Layout specifies the device layout. If it is |
| true, a single partition will be created for the entire |
| device. When layout is false, it means don't partition |
| or ignore existing partitioning. |
| type: boolean |
| overwrite: |
| description: Overwrite describes whether to skip checks |
| and create the partition if a partition or filesystem |
| is found on the device. Use with caution. Default is 'false'. |
| type: boolean |
| tableType: |
| description: 'TableType specifies the type of partition |
| table. The following are supported: ''mbr'': default, sets |
| up an MS-DOS partition table; ''gpt'': sets up a GPT |
| partition table' |
| type: string |
| required: |
| - device |
| - layout |
| type: object |
| type: array |
| type: object |
| files: |
| description: Files specifies extra files to be passed to user_data |
| upon creation. |
| items: |
| description: File defines the input for generating write_files in |
| cloud-init. |
| properties: |
| append: |
| description: Append specifies whether to append Content to existing |
| file if Path exists. |
| type: boolean |
| content: |
| description: Content is the actual content of the file. |
| type: string |
| contentFrom: |
| description: ContentFrom is a referenced source of content to |
| populate the file. |
| properties: |
| secret: |
| description: Secret represents a secret that should populate |
| this file. |
| properties: |
| key: |
| description: Key is the key in the secret's data map |
| for this value. |
| type: string |
| name: |
| description: Name of the secret in the KubeadmBootstrapConfig's |
| namespace to use. |
| type: string |
| required: |
| - key |
| - name |
| type: object |
| required: |
| - secret |
| type: object |
| encoding: |
| description: Encoding specifies the encoding of the file contents. |
| enum: |
| - base64 |
| - gzip |
| - gzip+base64 |
| type: string |
| owner: |
| description: Owner specifies the ownership of the file, e.g. |
| "root:root". |
| type: string |
| path: |
| description: Path specifies the full path on disk where to store |
| the file. |
| type: string |
| permissions: |
| description: Permissions specifies the permissions to assign |
| to the file, e.g. "0640". |
| type: string |
| required: |
| - path |
| type: object |
| type: array |
| format: |
| description: Format specifies the output format of the bootstrap data |
| enum: |
| - cloud-config |
| - ignition |
| type: string |
| ignition: |
| description: Ignition contains Ignition specific configuration. |
| properties: |
| containerLinuxConfig: |
| description: ContainerLinuxConfig contains CLC specific configuration. |
| properties: |
| additionalConfig: |
| description: "AdditionalConfig contains additional configuration |
| to be merged with the Ignition configuration generated by |
| the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging |
| \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/" |
| type: string |
| strict: |
| description: Strict controls if AdditionalConfig should be |
| strictly parsed. If so, warnings are treated as errors. |
| type: boolean |
| type: object |
| type: object |
| initConfiguration: |
| description: InitConfiguration along with ClusterConfiguration are |
| the configurations necessary for the init command |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema of this |
| representation of an object. Servers should convert recognized |
| schemas to the latest internal value, and may reject unrecognized |
| values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| bootstrapTokens: |
| description: BootstrapTokens is respected at `kubeadm init` time |
| and describes a set of Bootstrap Tokens to create. This information |
| IS NOT uploaded to the kubeadm cluster configmap, partly because |
| of its sensitive nature |
| items: |
| description: BootstrapToken describes one bootstrap token, stored |
| as a Secret in the cluster. |
| properties: |
| description: |
| description: Description sets a human-friendly message why |
| this token exists and what it's used for, so other administrators |
| can know its purpose. |
| type: string |
| expires: |
| description: Expires specifies the timestamp when this token |
| expires. Defaults to being set dynamically at runtime |
| based on the TTL. Expires and TTL are mutually exclusive. |
| format: date-time |
| type: string |
| groups: |
| description: Groups specifies the extra groups that this |
| token will authenticate as when/if used for authentication |
| items: |
| type: string |
| type: array |
| token: |
| description: Token is used for establishing bidirectional |
| trust between nodes and control-planes. Used for joining |
| nodes in the cluster. |
| type: string |
| ttl: |
| description: TTL defines the time to live for this token. |
| Defaults to 24h. Expires and TTL are mutually exclusive. |
| type: string |
| usages: |
| description: Usages describes the ways in which this token |
| can be used. Can by default be used for establishing bidirectional |
| trust, but that can be changed here. |
| items: |
| type: string |
| type: array |
| required: |
| - token |
| type: object |
| type: array |
| kind: |
| description: 'Kind is a string value representing the REST resource |
| this object represents. Servers may infer this from the endpoint |
| the client submits requests to. Cannot be updated. In CamelCase. |
| More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| localAPIEndpoint: |
| description: LocalAPIEndpoint represents the endpoint of the API |
| server instance that's deployed on this control plane node. In |
| HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint |
| in the sense that ControlPlaneEndpoint is the global endpoint |
| for the cluster, which then loadbalances the requests to each |
| individual API server. This configuration object lets you customize |
| what IP/DNS name and port the local API server advertises it's |
| accessible on. By default, kubeadm tries to auto-detect the |
| IP of the default interface and use that, but in case that process |
| fails you may set the desired value here. |
| properties: |
| advertiseAddress: |
| description: AdvertiseAddress sets the IP address for the |
| API server to advertise. |
| type: string |
| bindPort: |
| description: BindPort sets the secure port for the API Server |
| to bind to. Defaults to 6443. |
| format: int32 |
| type: integer |
| type: object |
| nodeRegistration: |
| description: NodeRegistration holds fields that relate to registering |
| the new control-plane node to the cluster. When used in the |
| context of control plane nodes, NodeRegistration should remain |
| consistent across both InitConfiguration and JoinConfiguration |
| properties: |
| criSocket: |
| description: CRISocket is used to retrieve container runtime |
| info. This information will be annotated to the Node API |
| object, for later re-use |
| type: string |
| ignorePreflightErrors: |
| description: IgnorePreflightErrors provides a slice of pre-flight |
| errors to be ignored when the current node is registered. |
| items: |
| type: string |
| type: array |
| kubeletExtraArgs: |
| additionalProperties: |
| type: string |
| description: KubeletExtraArgs passes through extra arguments |
| to the kubelet. The arguments here are passed to the kubelet |
| command line via the environment file kubeadm writes at |
| runtime for the kubelet to source. This overrides the generic |
| base-level configuration in the kubelet-config-1.X ConfigMap. |
| Flags have higher priority when parsing. These values are |
| local and specific to the node kubeadm is executing on. |
| type: object |
| name: |
| description: Name is the `.Metadata.Name` field of the Node |
| API object that will be created in this `kubeadm init` or |
| `kubeadm join` operation. This field is also used in the |
| CommonName field of the kubelet's client certificate to |
| the API server. Defaults to the hostname of the node if |
| not provided. |
| type: string |
| taints: |
| description: 'Taints specifies the taints the Node API object |
| should be registered with. If this field is unset, i.e. |
| nil, in the `kubeadm init` process it will be defaulted |
| to []v1.Taint{''node-role.kubernetes.io/master=""''}. If |
| you don''t want to taint your control-plane node, set this |
| field to an empty slice, i.e. `taints: []` in the YAML file. |
| This field is solely used for Node registration.' |
| items: |
| description: The node this Taint is attached to has the |
| "effect" on any pod that does not tolerate the Taint. |
| properties: |
| effect: |
| description: Required. The effect of the taint on pods |
| that do not tolerate the taint. Valid effects are |
| NoSchedule, PreferNoSchedule and NoExecute. |
| type: string |
| key: |
| description: Required. The taint key to be applied to |
| a node. |
| type: string |
| timeAdded: |
| description: TimeAdded represents the time at which |
| the taint was added. It is only written for NoExecute |
| taints. |
| format: date-time |
| type: string |
| value: |
| description: The taint value corresponding to the taint |
| key. |
| type: string |
| required: |
| - effect |
| - key |
| type: object |
| type: array |
| type: object |
| patches: |
| description: Patches contains options related to applying patches |
| to components deployed by kubeadm during "kubeadm init". The |
| minimum kubernetes version needed to support Patches is v1.22 |
| properties: |
| directory: |
| description: Directory is a path to a directory that contains |
| files named "target[suffix][+patchtype].extension". For |
| example, "kube-apiserver0+merge.yaml" or just "etcd.json". |
| "target" can be one of "kube-apiserver", "kube-controller-manager", |
| "kube-scheduler", "etcd". "patchtype" can be one of "strategic", |
| "merge" or "json" and they match the patch formats supported |
| by kubectl. The default "patchtype" is "strategic". "extension" |
| must be either "json" or "yaml". "suffix" is an optional |
| string that can be used to determine which patches are applied |
| first alpha-numerically. These files can be written into |
| the target directory via KubeadmConfig.Files which specifies |
| additional files to be created on the machine, either with |
| content inline or by referencing a secret. |
| type: string |
| type: object |
| skipPhases: |
| description: SkipPhases is a list of phases to skip during command |
| execution. The list of phases can be obtained with the "kubeadm |
| init --help" command. This option takes effect only on Kubernetes |
| >=1.22.0. |
| items: |
| type: string |
| type: array |
| type: object |
| joinConfiguration: |
| description: JoinConfiguration is the kubeadm configuration for the |
| join command |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema of this |
| representation of an object. Servers should convert recognized |
| schemas to the latest internal value, and may reject unrecognized |
| values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| caCertPath: |
| description: 'CACertPath is the path to the SSL certificate authority |
| used to secure communications between node and control-plane. |
| Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when |
| there is defaulting from k/k' |
| type: string |
| controlPlane: |
| description: ControlPlane defines the additional control plane |
| instance to be deployed on the joining node. If nil, no additional |
| control plane instance will be deployed. |
| properties: |
| localAPIEndpoint: |
| description: LocalAPIEndpoint represents the endpoint of the |
| API server instance to be deployed on this node. |
| properties: |
| advertiseAddress: |
| description: AdvertiseAddress sets the IP address for |
| the API server to advertise. |
| type: string |
| bindPort: |
| description: BindPort sets the secure port for the API |
| Server to bind to. Defaults to 6443. |
| format: int32 |
| type: integer |
| type: object |
| type: object |
| discovery: |
| description: 'Discovery specifies the options for the kubelet |
| to use during the TLS Bootstrap process TODO: revisit when there |
| is defaulting from k/k' |
| properties: |
| bootstrapToken: |
| description: BootstrapToken is used to set the options for |
| bootstrap token based discovery BootstrapToken and File |
| are mutually exclusive |
| properties: |
| apiServerEndpoint: |
| description: APIServerEndpoint is an IP or domain name |
| to the API server from which info will be fetched. |
| type: string |
| caCertHashes: |
| description: 'CACertHashes specifies a set of public key |
| pins to verify when token-based discovery is used. The |
| root CA found during discovery must match one of these |
| values. Specifying an empty set disables root CA pinning, |
| which can be unsafe. Each hash is specified as "<type>:<value>", |
| where the only currently supported type is "sha256". |
| This is a hex-encoded SHA-256 hash of the Subject Public |
| Key Info (SPKI) object in DER-encoded ASN.1. These hashes |
| can be calculated using, for example, OpenSSL: openssl |
| x509 -pubkey -in ca.crt | openssl rsa -pubin -outform |
| der 2>/dev/null | openssl dgst -sha256 -hex' |
| items: |
| type: string |
| type: array |
| token: |
| description: Token is a token used to validate cluster |
| information fetched from the control-plane. |
| type: string |
| unsafeSkipCAVerification: |
| description: UnsafeSkipCAVerification allows token-based |
| discovery without CA verification via CACertHashes. |
| This can weaken the security of kubeadm since other |
| nodes can impersonate the control-plane. |
| type: boolean |
| required: |
| - token |
| type: object |
| file: |
| description: File is used to specify a file or URL to a kubeconfig |
| file from which to load cluster information BootstrapToken |
| and File are mutually exclusive |
| properties: |
| kubeConfigPath: |
| description: KubeConfigPath is used to specify the actual |
| file path or URL to the kubeconfig file from which to |
| load cluster information |
| type: string |
| required: |
| - kubeConfigPath |
| type: object |
| timeout: |
| description: Timeout modifies the discovery timeout |
| type: string |
| tlsBootstrapToken: |
| description: TLSBootstrapToken is a token used for TLS bootstrapping. |
| If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, |
| but can be overridden. If .File is set, this field **must |
| be set** in case the KubeConfigFile does not contain any |
| other authentication information |
| type: string |
| type: object |
| kind: |
| description: 'Kind is a string value representing the REST resource |
| this object represents. Servers may infer this from the endpoint |
| the client submits requests to. Cannot be updated. In CamelCase. |
| More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| nodeRegistration: |
| description: NodeRegistration holds fields that relate to registering |
| the new control-plane node to the cluster. When used in the |
| context of control plane nodes, NodeRegistration should remain |
| consistent across both InitConfiguration and JoinConfiguration |
| properties: |
| criSocket: |
| description: CRISocket is used to retrieve container runtime |
| info. This information will be annotated to the Node API |
| object, for later re-use |
| type: string |
| ignorePreflightErrors: |
| description: IgnorePreflightErrors provides a slice of pre-flight |
| errors to be ignored when the current node is registered. |
| items: |
| type: string |
| type: array |
| kubeletExtraArgs: |
| additionalProperties: |
| type: string |
| description: KubeletExtraArgs passes through extra arguments |
| to the kubelet. The arguments here are passed to the kubelet |
| command line via the environment file kubeadm writes at |
| runtime for the kubelet to source. This overrides the generic |
| base-level configuration in the kubelet-config-1.X ConfigMap |
| Flags have higher priority when parsing. These values are |
| local and specific to the node kubeadm is executing on. |
| type: object |
| name: |
| description: Name is the `.Metadata.Name` field of the Node |
| API object that will be created in this `kubeadm init` or |
| `kubeadm join` operation. This field is also used in the |
| CommonName field of the kubelet's client certificate to |
| the API server. Defaults to the hostname of the node if |
| not provided. |
| type: string |
| taints: |
| description: 'Taints specifies the taints the Node API object |
| should be registered with. If this field is unset, i.e. |
| nil, in the `kubeadm init` process it will be defaulted |
| to []v1.Taint{''node-role.kubernetes.io/master=""''}. If |
| you don''t want to taint your control-plane node, set this |
| field to an empty slice, i.e. `taints: []` in the YAML file. |
| This field is solely used for Node registration.' |
| items: |
| description: The node this Taint is attached to has the |
| "effect" on any pod that does not tolerate the Taint. |
| properties: |
| effect: |
| description: Required. The effect of the taint on pods |
| that do not tolerate the taint. Valid effects are |
| NoSchedule, PreferNoSchedule and NoExecute. |
| type: string |
| key: |
| description: Required. The taint key to be applied to |
| a node. |
| type: string |
| timeAdded: |
| description: TimeAdded represents the time at which |
| the taint was added. It is only written for NoExecute |
| taints. |
| format: date-time |
| type: string |
| value: |
| description: The taint value corresponding to the taint |
| key. |
| type: string |
| required: |
| - effect |
| - key |
| type: object |
| type: array |
| type: object |
| patches: |
| description: Patches contains options related to applying patches |
| to components deployed by kubeadm during "kubeadm join". The |
| minimum kubernetes version needed to support Patches is v1.22 |
| properties: |
| directory: |
| description: Directory is a path to a directory that contains |
| files named "target[suffix][+patchtype].extension". For |
| example, "kube-apiserver0+merge.yaml" or just "etcd.json". |
| "target" can be one of "kube-apiserver", "kube-controller-manager", |
| "kube-scheduler", "etcd". "patchtype" can be one of "strategic" |
| "merge" or "json" and they match the patch formats supported |
| by kubectl. The default "patchtype" is "strategic". "extension" |
| must be either "json" or "yaml". "suffix" is an optional |
| string that can be used to determine which patches are applied |
| first alpha-numerically. These files can be written into |
| the target directory via KubeadmConfig.Files which specifies |
| additional files to be created on the machine, either with |
| content inline or by referencing a secret. |
| type: string |
| type: object |
| skipPhases: |
| description: SkipPhases is a list of phases to skip during command |
| execution. The list of phases can be obtained with the "kubeadm |
| init --help" command. This option takes effect only on Kubernetes |
| >=1.22.0. |
| items: |
| type: string |
| type: array |
| type: object |
| mounts: |
| description: Mounts specifies a list of mount points to be setup. |
| items: |
| description: MountPoints defines input for generated mounts in cloud-init. |
| items: |
| type: string |
| type: array |
| type: array |
| ntp: |
| description: NTP specifies NTP configuration |
| properties: |
| enabled: |
| description: Enabled specifies whether NTP should be enabled |
| type: boolean |
| servers: |
| description: Servers specifies which NTP servers to use |
| items: |
| type: string |
| type: array |
| type: object |
| postKubeadmCommands: |
| description: PostKubeadmCommands specifies extra commands to run after |
| kubeadm runs |
| items: |
| type: string |
| type: array |
| preKubeadmCommands: |
| description: PreKubeadmCommands specifies extra commands to run before |
| kubeadm runs |
| items: |
| type: string |
| type: array |
| useExperimentalRetryJoin: |
| description: "UseExperimentalRetryJoin replaces a basic kubeadm command |
| with a shell script with retries for joins. \n This is meant to |
| be an experimental temporary workaround on some environments where |
| joins fail due to timing (and other issues). The long term goal |
| is to add retries to kubeadm proper and use that functionality. |
| \n This will add about 40KB to userdata \n For more information, |
| refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. |
| \n Deprecated: This experimental fix is no longer needed and this |
| field will be removed in a future release. When removing also remove |
| from staticcheck exclude-rules for SA1019 in golangci.yml" |
| type: boolean |
| users: |
| description: Users specifies extra users to add |
| items: |
| description: User defines the input for a generated user in cloud-init. |
| properties: |
| gecos: |
| description: Gecos specifies the gecos to use for the user |
| type: string |
| groups: |
| description: Groups specifies the additional groups for the |
| user |
| type: string |
| homeDir: |
| description: HomeDir specifies the home directory to use for |
| the user |
| type: string |
| inactive: |
| description: Inactive specifies whether to mark the user as |
| inactive |
| type: boolean |
| lockPassword: |
| description: LockPassword specifies if password login should |
| be disabled |
| type: boolean |
| name: |
| description: Name specifies the user name |
| type: string |
| passwd: |
| description: Passwd specifies a hashed password for the user |
| type: string |
| passwdFrom: |
| description: PasswdFrom is a referenced source of passwd to |
| populate the passwd. |
| properties: |
| secret: |
| description: Secret represents a secret that should populate |
| this password. |
| properties: |
| key: |
| description: Key is the key in the secret's data map |
| for this value. |
| type: string |
| name: |
| description: Name of the secret in the KubeadmBootstrapConfig's |
| namespace to use. |
| type: string |
| required: |
| - key |
| - name |
| type: object |
| required: |
| - secret |
| type: object |
| primaryGroup: |
| description: PrimaryGroup specifies the primary group for the |
| user |
| type: string |
| shell: |
| description: Shell specifies the user's shell |
| type: string |
| sshAuthorizedKeys: |
| description: SSHAuthorizedKeys specifies a list of ssh authorized |
| keys for the user |
| items: |
| type: string |
| type: array |
| sudo: |
| description: Sudo specifies a sudo role for the user |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| verbosity: |
| description: Verbosity is the number for the kubeadm log level verbosity. |
| It overrides the `--v` flag in kubeadm commands. |
| format: int32 |
| type: integer |
| type: object |
| status: |
| description: KubeadmConfigStatus defines the observed state of KubeadmConfig. |
| properties: |
| conditions: |
| description: Conditions defines current service state of the KubeadmConfig. |
| items: |
| description: Condition defines an observation of a Cluster API resource |
| operational state. |
| properties: |
| lastTransitionTime: |
| description: Last time the condition transitioned from one status |
| to another. This should be when the underlying condition changed. |
| If that is not known, then using the time when the API field |
| changed is acceptable. |
| format: date-time |
| type: string |
| message: |
| description: A human readable message indicating details about |
| the transition. This field may be empty. |
| type: string |
| reason: |
| description: The reason for the condition's last transition |
| in CamelCase. The specific API may choose whether or not this |
| field is considered a guaranteed API. This field may not be |
| empty. |
| type: string |
| severity: |
| description: Severity provides an explicit classification of |
| Reason code, so the users or machines can immediately understand |
| the current situation and act accordingly. The Severity field |
| MUST be set only when Status=False. |
| type: string |
| status: |
| description: Status of the condition, one of True, False, Unknown. |
| type: string |
| type: |
| description: Type of condition in CamelCase or in foo.example.com/CamelCase. |
| Many .condition.type values are consistent across resources |
| like Available, but because arbitrary conditions can be useful |
| (see .node.status.conditions), the ability to deconflict is |
| important. |
| type: string |
| required: |
| - lastTransitionTime |
| - status |
| - type |
| type: object |
| type: array |
| dataSecretName: |
| description: DataSecretName is the name of the secret that stores |
| the bootstrap data script. |
| type: string |
| failureMessage: |
| description: FailureMessage will be set on non-retryable errors |
| type: string |
| failureReason: |
| description: FailureReason will be set on non-retryable errors |
| type: string |
| observedGeneration: |
| description: ObservedGeneration is the latest generation observed |
| by the controller. |
| format: int64 |
| type: integer |
| ready: |
| description: Ready indicates the BootstrapData field is ready to be |
| consumed |
| type: boolean |
| type: object |
| type: object |
| served: true |
| storage: true |
| subresources: |
| status: {} |
| status: |
| acceptedNames: |
| kind: "" |
| plural: "" |
| conditions: null |
| storedVersions: null |
| --- |
| apiVersion: apiextensions.k8s.io/v1 |
| kind: CustomResourceDefinition |
| metadata: |
| annotations: |
| cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert |
| controller-gen.kubebuilder.io/version: v0.10.0 |
| creationTimestamp: null |
| labels: |
| cluster.x-k8s.io/provider: bootstrap-kubeadm |
| cluster.x-k8s.io/v1alpha3: v1alpha3 |
| cluster.x-k8s.io/v1alpha4: v1alpha4 |
| cluster.x-k8s.io/v1beta1: v1beta1 |
| clusterctl.cluster.x-k8s.io: "" |
| name: kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io |
| spec: |
| conversion: |
| strategy: Webhook |
| webhook: |
| clientConfig: |
| caBundle: Cg== |
| service: |
| name: capi-kubeadm-bootstrap-webhook-service |
| namespace: capi-kubeadm-bootstrap-system |
| path: /convert |
| conversionReviewVersions: |
| - v1 |
| - v1beta1 |
| group: bootstrap.cluster.x-k8s.io |
| names: |
| categories: |
| - cluster-api |
| kind: KubeadmConfigTemplate |
| listKind: KubeadmConfigTemplateList |
| plural: kubeadmconfigtemplates |
| singular: kubeadmconfigtemplate |
| scope: Namespaced |
| versions: |
| - name: v1alpha3 |
| schema: |
| openAPIV3Schema: |
| description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates |
| API. |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema of this representation |
| of an object. Servers should convert recognized schemas to the latest |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| kind: |
| description: 'Kind is a string value representing the REST resource this |
| object represents. Servers may infer this from the endpoint the client |
| submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| metadata: |
| type: object |
| spec: |
| description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. |
| properties: |
| template: |
| description: KubeadmConfigTemplateResource defines the Template structure. |
| properties: |
| spec: |
| description: KubeadmConfigSpec defines the desired state of KubeadmConfig. |
| Either ClusterConfiguration and InitConfiguration should be |
| defined or the JoinConfiguration should be defined. |
| properties: |
| clusterConfiguration: |
| description: ClusterConfiguration along with InitConfiguration |
| are the configurations necessary for the init command |
| properties: |
| apiServer: |
| description: APIServer contains extra settings for the |
| API server control plane component |
| properties: |
| certSANs: |
| description: CertSANs sets extra Subject Alternative |
| Names for the API Server signing cert. |
| items: |
| type: string |
| type: array |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: 'ExtraArgs is an extra set of flags to |
| pass to the control plane component. TODO: This |
| is temporary and ideally we would like to switch |
| all components to use ComponentConfig + ConfigMaps.' |
| type: object |
| extraVolumes: |
| description: ExtraVolumes is an extra set of host |
| volumes, mounted to the control plane component. |
| items: |
| description: HostPathMount contains elements describing |
| volumes that are mounted from the host. |
| properties: |
| hostPath: |
| description: HostPath is the path in the host |
| that will be mounted inside the pod. |
| type: string |
| mountPath: |
| description: MountPath is the path inside the |
| pod where hostPath will be mounted. |
| type: string |
| name: |
| description: Name of the volume inside the pod |
| template. |
| type: string |
| pathType: |
| description: PathType is the type of the HostPath. |
| type: string |
| readOnly: |
| description: ReadOnly controls write access |
| to the volume |
| type: boolean |
| required: |
| - hostPath |
| - mountPath |
| - name |
| type: object |
| type: array |
| timeoutForControlPlane: |
| description: TimeoutForControlPlane controls the timeout |
| that we use for API server to appear |
| type: string |
| type: object |
| apiVersion: |
| description: 'APIVersion defines the versioned schema |
| of this representation of an object. Servers should |
| convert recognized schemas to the latest internal value, |
| and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| certificatesDir: |
| description: 'CertificatesDir specifies where to store |
| or look for all required certificates. NB: if not provided, |
| this will default to `/etc/kubernetes/pki`' |
| type: string |
| clusterName: |
| description: The cluster name |
| type: string |
| controlPlaneEndpoint: |
| description: 'ControlPlaneEndpoint sets a stable IP address |
| or DNS name for the control plane; it can be a valid |
| IP address or a RFC-1123 DNS subdomain, both with optional |
| TCP port. In case the ControlPlaneEndpoint is not specified, |
| the AdvertiseAddress + BindPort are used; in case the |
| ControlPlaneEndpoint is specified but without a TCP |
| port, the BindPort is used. Possible usages are: e.g. |
| In a cluster with more than one control plane instances, |
| this field should be assigned the address of the external |
| load balancer in front of the control plane instances. |
| e.g. in environments with enforced node recycling, |
| the ControlPlaneEndpoint could be used for assigning |
| a stable DNS to the control plane. NB: This value defaults |
| to the first value in the Cluster object status.apiEndpoints |
| array.' |
| type: string |
| controllerManager: |
| description: ControllerManager contains extra settings |
| for the controller manager control plane component |
| properties: |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: 'ExtraArgs is an extra set of flags to |
| pass to the control plane component. TODO: This |
| is temporary and ideally we would like to switch |
| all components to use ComponentConfig + ConfigMaps.' |
| type: object |
| extraVolumes: |
| description: ExtraVolumes is an extra set of host |
| volumes, mounted to the control plane component. |
| items: |
| description: HostPathMount contains elements describing |
| volumes that are mounted from the host. |
| properties: |
| hostPath: |
| description: HostPath is the path in the host |
| that will be mounted inside the pod. |
| type: string |
| mountPath: |
| description: MountPath is the path inside the |
| pod where hostPath will be mounted. |
| type: string |
| name: |
| description: Name of the volume inside the pod |
| template. |
| type: string |
| pathType: |
| description: PathType is the type of the HostPath. |
| type: string |
| readOnly: |
| description: ReadOnly controls write access |
| to the volume |
| type: boolean |
| required: |
| - hostPath |
| - mountPath |
| - name |
| type: object |
| type: array |
| type: object |
| dns: |
| description: DNS defines the options for the DNS add-on |
| installed in the cluster. |
| properties: |
| imageRepository: |
| description: ImageRepository sets the container registry |
| to pull images from. if not set, the ImageRepository |
| defined in ClusterConfiguration will be used instead. |
| type: string |
| imageTag: |
| description: ImageTag allows to specify a tag for |
| the image. In case this value is set, kubeadm does |
| not change automatically the version of the above |
| components during upgrades. |
| type: string |
| type: |
| description: Type defines the DNS add-on to be used |
| type: string |
| type: object |
| etcd: |
| description: 'Etcd holds configuration for etcd. NB: This |
| value defaults to a Local (stacked) etcd' |
| properties: |
| external: |
| description: External describes how to connect to |
| an external etcd cluster Local and External are |
| mutually exclusive |
| properties: |
| caFile: |
| description: CAFile is an SSL Certificate Authority |
| file used to secure etcd communication. Required |
| if using a TLS connection. |
| type: string |
| certFile: |
| description: CertFile is an SSL certification |
| file used to secure etcd communication. Required |
| if using a TLS connection. |
| type: string |
| endpoints: |
| description: Endpoints of etcd members. Required |
| for ExternalEtcd. |
| items: |
| type: string |
| type: array |
| keyFile: |
| description: KeyFile is an SSL key file used to |
| secure etcd communication. Required if using |
| a TLS connection. |
| type: string |
| required: |
| - caFile |
| - certFile |
| - endpoints |
| - keyFile |
| type: object |
| local: |
| description: Local provides configuration knobs for |
| configuring the local etcd instance Local and External |
| are mutually exclusive |
| properties: |
| dataDir: |
| description: DataDir is the directory etcd will |
| place its data. Defaults to "/var/lib/etcd". |
| type: string |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: ExtraArgs are extra arguments provided |
| to the etcd binary when run inside a static |
| pod. |
| type: object |
| imageRepository: |
| description: ImageRepository sets the container |
| registry to pull images from. if not set, the |
| ImageRepository defined in ClusterConfiguration |
| will be used instead. |
| type: string |
| imageTag: |
| description: ImageTag allows to specify a tag |
| for the image. In case this value is set, kubeadm |
| does not change automatically the version of |
| the above components during upgrades. |
| type: string |
| peerCertSANs: |
| description: PeerCertSANs sets extra Subject Alternative |
| Names for the etcd peer signing cert. |
| items: |
| type: string |
| type: array |
| serverCertSANs: |
| description: ServerCertSANs sets extra Subject |
| Alternative Names for the etcd server signing |
| cert. |
| items: |
| type: string |
| type: array |
| type: object |
| type: object |
| featureGates: |
| additionalProperties: |
| type: boolean |
| description: FeatureGates enabled by the user. |
| type: object |
| imageRepository: |
| description: ImageRepository sets the container registry |
| to pull images from. If empty, `k8s.gcr.io` will be |
| used by default; in case of kubernetes version is a |
| CI build (kubernetes version starts with `ci/` or `ci-cross/`) |
| `gcr.io/k8s-staging-ci-images` will be used as a default |
| for control plane components and for kube-proxy, while |
| `k8s.gcr.io` will be used for all the other images. |
| type: string |
| kind: |
| description: 'Kind is a string value representing the |
| REST resource this object represents. Servers may infer |
| this from the endpoint the client submits requests to. |
| Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| kubernetesVersion: |
| description: 'KubernetesVersion is the target version |
| of the control plane. NB: This value defaults to the |
| Machine object spec.version' |
| type: string |
| networking: |
| description: 'Networking holds configuration for the networking |
| topology of the cluster. NB: This value defaults to |
| the Cluster object spec.clusterNetwork.' |
| properties: |
| dnsDomain: |
| description: DNSDomain is the dns domain used by k8s |
| services. Defaults to "cluster.local". |
| type: string |
| podSubnet: |
| description: PodSubnet is the subnet used by pods. |
| If unset, the API server will not allocate CIDR |
| ranges for every node. Defaults to a comma-delimited |
| string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks |
| if that is set |
| type: string |
| serviceSubnet: |
| description: ServiceSubnet is the subnet used by k8s |
| services. Defaults to a comma-delimited string of |
| the Cluster object's spec.clusterNetwork.services.cidrBlocks, |
| or to "10.96.0.0/12" if that's unset. |
| type: string |
| type: object |
| scheduler: |
| description: Scheduler contains extra settings for the |
| scheduler control plane component |
| properties: |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: 'ExtraArgs is an extra set of flags to |
| pass to the control plane component. TODO: This |
| is temporary and ideally we would like to switch |
| all components to use ComponentConfig + ConfigMaps.' |
| type: object |
| extraVolumes: |
| description: ExtraVolumes is an extra set of host |
| volumes, mounted to the control plane component. |
| items: |
| description: HostPathMount contains elements describing |
| volumes that are mounted from the host. |
| properties: |
| hostPath: |
| description: HostPath is the path in the host |
| that will be mounted inside the pod. |
| type: string |
| mountPath: |
| description: MountPath is the path inside the |
| pod where hostPath will be mounted. |
| type: string |
| name: |
| description: Name of the volume inside the pod |
| template. |
| type: string |
| pathType: |
| description: PathType is the type of the HostPath. |
| type: string |
| readOnly: |
| description: ReadOnly controls write access |
| to the volume |
| type: boolean |
| required: |
| - hostPath |
| - mountPath |
| - name |
| type: object |
| type: array |
| type: object |
| useHyperKubeImage: |
| description: UseHyperKubeImage controls if hyperkube should |
| be used for Kubernetes components instead of their respective |
| separate images |
| type: boolean |
| type: object |
| diskSetup: |
| description: DiskSetup specifies options for the creation |
| of partition tables and file systems on devices. |
| properties: |
| filesystems: |
| description: Filesystems specifies the list of file systems |
| to setup. |
| items: |
| description: Filesystem defines the file systems to |
| be created. |
| properties: |
| device: |
| description: Device specifies the device name |
| type: string |
| extraOpts: |
| description: ExtraOpts defines extra options to |
| add to the command for creating the file system. |
| items: |
| type: string |
| type: array |
| filesystem: |
| description: Filesystem specifies the file system |
| type. |
| type: string |
| label: |
| description: Label specifies the file system label |
| to be used. If set to None, no label is used. |
| type: string |
| overwrite: |
| description: Overwrite defines whether or not to |
| overwrite any existing filesystem. If true, any |
| pre-existing file system will be destroyed. Use |
| with Caution. |
| type: boolean |
| partition: |
| description: 'Partition specifies the partition |
| to use. The valid options are: "auto|any", "auto", |
| "any", "none", and <NUM>, where NUM is the actual |
| partition number.' |
| type: string |
| replaceFS: |
| description: 'ReplaceFS is a special directive, |
| used for Microsoft Azure that instructs cloud-init |
| to replace a file system of <FS_TYPE>. NOTE: unless |
| you define a label, this requires the use of the |
| ''any'' partition directive.' |
| type: string |
| required: |
| - device |
| - filesystem |
| - label |
| type: object |
| type: array |
| partitions: |
| description: Partitions specifies the list of the partitions |
| to setup. |
| items: |
| description: Partition defines how to create and layout |
| a partition. |
| properties: |
| device: |
| description: Device is the name of the device. |
| type: string |
| layout: |
| description: Layout specifies the device layout. |
| If it is true, a single partition will be created |
| for the entire device. When layout is false, it |
| means don't partition or ignore existing partitioning. |
| type: boolean |
| overwrite: |
| description: Overwrite describes whether to skip |
| checks and create the partition if a partition |
| or filesystem is found on the device. Use with |
| caution. Default is 'false'. |
| type: boolean |
| tableType: |
| description: 'TableType specifies the type of partition |
| table. The following are supported: ''mbr'': default, |
| sets up an MS-DOS partition table; ''gpt'': sets up |
| a GPT partition table' |
| type: string |
| required: |
| - device |
| - layout |
| type: object |
| type: array |
| type: object |
| files: |
| description: Files specifies extra files to be passed to user_data |
| upon creation. |
| items: |
| description: File defines the input for generating write_files |
| in cloud-init. |
| properties: |
| content: |
| description: Content is the actual content of the file. |
| type: string |
| contentFrom: |
| description: ContentFrom is a referenced source of content |
| to populate the file. |
| properties: |
| secret: |
| description: Secret represents a secret that should |
| populate this file. |
| properties: |
| key: |
| description: Key is the key in the secret's |
| data map for this value. |
| type: string |
| name: |
| description: Name of the secret in the KubeadmBootstrapConfig's |
| namespace to use. |
| type: string |
| required: |
| - key |
| - name |
| type: object |
| required: |
| - secret |
| type: object |
| encoding: |
| description: Encoding specifies the encoding of the |
| file contents. |
| enum: |
| - base64 |
| - gzip |
| - gzip+base64 |
| type: string |
| owner: |
| description: Owner specifies the ownership of the file, |
| e.g. "root:root". |
| type: string |
| path: |
| description: Path specifies the full path on disk where |
| to store the file. |
| type: string |
| permissions: |
| description: Permissions specifies the permissions to |
| assign to the file, e.g. "0640". |
| type: string |
| required: |
| - path |
| type: object |
| type: array |
| format: |
| description: Format specifies the output format of the bootstrap |
| data |
| enum: |
| - cloud-config |
| type: string |
| initConfiguration: |
| description: InitConfiguration along with ClusterConfiguration |
| are the configurations necessary for the init command |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema |
| of this representation of an object. Servers should |
| convert recognized schemas to the latest internal value, |
| and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| bootstrapTokens: |
| description: BootstrapTokens is respected at `kubeadm |
| init` time and describes a set of Bootstrap Tokens to |
| create. This information IS NOT uploaded to the kubeadm |
| cluster configmap, partly because of its sensitive nature |
| items: |
| description: BootstrapToken describes one bootstrap |
| token, stored as a Secret in the cluster. |
| properties: |
| description: |
| description: Description sets a human-friendly message |
| why this token exists and what it's used for, |
| so other administrators can know its purpose. |
| type: string |
| expires: |
| description: Expires specifies the timestamp when |
| this token expires. Defaults to being set dynamically |
| at runtime based on the TTL. Expires and TTL are |
| mutually exclusive. |
| format: date-time |
| type: string |
| groups: |
| description: Groups specifies the extra groups that |
| this token will authenticate as when/if used for |
| authentication |
| items: |
| type: string |
| type: array |
| token: |
| description: Token is used for establishing bidirectional |
| trust between nodes and control-planes. Used for |
| joining nodes in the cluster. |
| type: string |
| ttl: |
| description: TTL defines the time to live for this |
| token. Defaults to 24h. Expires and TTL are mutually |
| exclusive. |
| type: string |
| usages: |
| description: Usages describes the ways in which |
| this token can be used. Can by default be used |
| for establishing bidirectional trust, but that |
| can be changed here. |
| items: |
| type: string |
| type: array |
| required: |
| - token |
| type: object |
| type: array |
| kind: |
| description: 'Kind is a string value representing the |
| REST resource this object represents. Servers may infer |
| this from the endpoint the client submits requests to. |
| Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| localAPIEndpoint: |
| description: LocalAPIEndpoint represents the endpoint |
| of the API server instance that's deployed on this control |
| plane node. In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint |
| in the sense that ControlPlaneEndpoint is the global |
| endpoint for the cluster, which then loadbalances the |
| requests to each individual API server. This configuration |
| object lets you customize what IP/DNS name and port |
| the local API server advertises it's accessible on. |
| By default, kubeadm tries to auto-detect the IP of the |
| default interface and use that, but in case that process |
| fails you may set the desired value here. |
| properties: |
| advertiseAddress: |
| description: AdvertiseAddress sets the IP address |
| for the API server to advertise. |
| type: string |
| bindPort: |
| description: BindPort sets the secure port for the |
| API Server to bind to. Defaults to 6443. |
| format: int32 |
| type: integer |
| required: |
| - advertiseAddress |
| - bindPort |
| type: object |
| nodeRegistration: |
| description: NodeRegistration holds fields that relate |
| to registering the new control-plane node to the cluster. |
| When used in the context of control plane nodes, NodeRegistration |
| should remain consistent across both InitConfiguration |
| and JoinConfiguration |
| properties: |
| criSocket: |
| description: CRISocket is used to retrieve container |
| runtime info. This information will be annotated |
| to the Node API object, for later re-use |
| type: string |
| kubeletExtraArgs: |
| additionalProperties: |
| type: string |
| description: KubeletExtraArgs passes through extra |
| arguments to the kubelet. The arguments here are |
| passed to the kubelet command line via the environment |
| file kubeadm writes at runtime for the kubelet to |
| source. This overrides the generic base-level configuration |
| in the kubelet-config-1.X ConfigMap. Flags have higher |
| priority when parsing. These values are local and |
| specific to the node kubeadm is executing on. |
| type: object |
| name: |
| description: Name is the `.Metadata.Name` field of |
| the Node API object that will be created in this |
| `kubeadm init` or `kubeadm join` operation. This |
| field is also used in the CommonName field of the |
| kubelet's client certificate to the API server. |
| Defaults to the hostname of the node if not provided. |
| type: string |
| taints: |
| description: 'Taints specifies the taints the Node |
| API object should be registered with. If this field |
| is unset, i.e. nil, in the `kubeadm init` process |
| it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. |
| If you don''t want to taint your control-plane node, |
| set this field to an empty slice, i.e. `taints: |
| {}` in the YAML file. This field is solely used |
| for Node registration.' |
| items: |
| description: The node this Taint is attached to |
| has the "effect" on any pod that does not tolerate |
| the Taint. |
| properties: |
| effect: |
| description: Required. The effect of the taint |
| on pods that do not tolerate the taint. Valid |
| effects are NoSchedule, PreferNoSchedule and |
| NoExecute. |
| type: string |
| key: |
| description: Required. The taint key to be applied |
| to a node. |
| type: string |
| timeAdded: |
| description: TimeAdded represents the time at |
| which the taint was added. It is only written |
| for NoExecute taints. |
| format: date-time |
| type: string |
| value: |
| description: The taint value corresponding to |
| the taint key. |
| type: string |
| required: |
| - effect |
| - key |
| type: object |
| type: array |
| type: object |
| type: object |
| joinConfiguration: |
| description: JoinConfiguration is the kubeadm configuration |
| for the join command |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema |
| of this representation of an object. Servers should |
| convert recognized schemas to the latest internal value, |
| and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| caCertPath: |
| description: 'CACertPath is the path to the SSL certificate |
| authority used to secure communications between node |
| and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". |
| TODO: revisit when there is defaulting from k/k' |
| type: string |
| controlPlane: |
| description: ControlPlane defines the additional control |
| plane instance to be deployed on the joining node. If |
| nil, no additional control plane instance will be deployed. |
| properties: |
| localAPIEndpoint: |
| description: LocalAPIEndpoint represents the endpoint |
| of the API server instance to be deployed on this |
| node. |
| properties: |
| advertiseAddress: |
| description: AdvertiseAddress sets the IP address |
| for the API server to advertise. |
| type: string |
| bindPort: |
| description: BindPort sets the secure port for |
| the API Server to bind to. Defaults to 6443. |
| format: int32 |
| type: integer |
| required: |
| - advertiseAddress |
| - bindPort |
| type: object |
| type: object |
| discovery: |
| description: 'Discovery specifies the options for the |
| kubelet to use during the TLS Bootstrap process TODO: |
| revisit when there is defaulting from k/k' |
| properties: |
| bootstrapToken: |
| description: BootstrapToken is used to set the options |
| for bootstrap token based discovery. BootstrapToken |
| and File are mutually exclusive. |
| properties: |
| apiServerEndpoint: |
| description: APIServerEndpoint is an IP or domain |
| name to the API server from which info will |
| be fetched. |
| type: string |
| caCertHashes: |
| description: 'CACertHashes specifies a set of |
| public key pins to verify when token-based discovery |
| is used. The root CA found during discovery |
| must match one of these values. Specifying an |
| empty set disables root CA pinning, which can |
| be unsafe. Each hash is specified as "<type>:<value>", |
| where the only currently supported type is "sha256". |
| This is a hex-encoded SHA-256 hash of the Subject |
| Public Key Info (SPKI) object in DER-encoded |
| ASN.1. These hashes can be calculated using, |
| for example, OpenSSL: openssl x509 -pubkey -in |
| ca.crt | openssl rsa -pubin -outform der 2>&/dev/null |
| | openssl dgst -sha256 -hex' |
| items: |
| type: string |
| type: array |
| token: |
| description: Token is a token used to validate |
| cluster information fetched from the control-plane. |
| type: string |
| unsafeSkipCAVerification: |
| description: UnsafeSkipCAVerification allows token-based |
| discovery without CA verification via CACertHashes. |
| This can weaken the security of kubeadm since |
| other nodes can impersonate the control-plane. |
| type: boolean |
| required: |
| - token |
| - unsafeSkipCAVerification |
| type: object |
| file: |
| description: File is used to specify a file or URL |
| to a kubeconfig file from which to load cluster |
| information. BootstrapToken and File are mutually |
| exclusive. |
| properties: |
| kubeConfigPath: |
| description: KubeConfigPath is used to specify |
| the actual file path or URL to the kubeconfig |
| file from which to load cluster information |
| type: string |
| required: |
| - kubeConfigPath |
| type: object |
| timeout: |
| description: Timeout modifies the discovery timeout |
| type: string |
| tlsBootstrapToken: |
| description: 'TLSBootstrapToken is a token used for |
| TLS bootstrapping. If .BootstrapToken is set, this |
| field is defaulted to .BootstrapToken.Token, but |
| can be overridden. If .File is set, this field **must |
| be set** in case the KubeConfigFile does not contain |
| any other authentication information TODO: revisit |
| when there is defaulting from k/k' |
| type: string |
| type: object |
| kind: |
| description: 'Kind is a string value representing the |
| REST resource this object represents. Servers may infer |
| this from the endpoint the client submits requests to. |
| Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| nodeRegistration: |
| description: NodeRegistration holds fields that relate |
| to registering the new control-plane node to the cluster. |
| When used in the context of control plane nodes, NodeRegistration |
| should remain consistent across both InitConfiguration |
| and JoinConfiguration |
| properties: |
| criSocket: |
| description: CRISocket is used to retrieve container |
| runtime info. This information will be annotated |
| to the Node API object, for later re-use |
| type: string |
| kubeletExtraArgs: |
| additionalProperties: |
| type: string |
| description: KubeletExtraArgs passes through extra |
| arguments to the kubelet. The arguments here are |
| passed to the kubelet command line via the environment |
| file kubeadm writes at runtime for the kubelet to |
| source. This overrides the generic base-level configuration |
| in the kubelet-config-1.X ConfigMap. Flags have higher |
| priority when parsing. These values are local and |
| specific to the node kubeadm is executing on. |
| type: object |
| name: |
| description: Name is the `.Metadata.Name` field of |
| the Node API object that will be created in this |
| `kubeadm init` or `kubeadm join` operation. This |
| field is also used in the CommonName field of the |
| kubelet's client certificate to the API server. |
| Defaults to the hostname of the node if not provided. |
| type: string |
| taints: |
| description: 'Taints specifies the taints the Node |
| API object should be registered with. If this field |
| is unset, i.e. nil, in the `kubeadm init` process |
| it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. |
| If you don''t want to taint your control-plane node, |
| set this field to an empty slice, i.e. `taints: |
| {}` in the YAML file. This field is solely used |
| for Node registration.' |
| items: |
| description: The node this Taint is attached to |
| has the "effect" on any pod that does not tolerate |
| the Taint. |
| properties: |
| effect: |
| description: Required. The effect of the taint |
| on pods that do not tolerate the taint. Valid |
| effects are NoSchedule, PreferNoSchedule and |
| NoExecute. |
| type: string |
| key: |
| description: Required. The taint key to be applied |
| to a node. |
| type: string |
| timeAdded: |
| description: TimeAdded represents the time at |
| which the taint was added. It is only written |
| for NoExecute taints. |
| format: date-time |
| type: string |
| value: |
| description: The taint value corresponding to |
| the taint key. |
| type: string |
| required: |
| - effect |
| - key |
| type: object |
| type: array |
| type: object |
| type: object |
| mounts: |
| description: Mounts specifies a list of mount points to be |
| setup. |
| items: |
| description: MountPoints defines input for generated mounts |
| in cloud-init. |
| items: |
| type: string |
| type: array |
| type: array |
| ntp: |
| description: NTP specifies NTP configuration |
| properties: |
| enabled: |
| description: Enabled specifies whether NTP should be enabled |
| type: boolean |
| servers: |
| description: Servers specifies which NTP servers to use |
| items: |
| type: string |
| type: array |
| type: object |
| postKubeadmCommands: |
| description: PostKubeadmCommands specifies extra commands |
| to run after kubeadm runs |
| items: |
| type: string |
| type: array |
| preKubeadmCommands: |
| description: PreKubeadmCommands specifies extra commands to |
| run before kubeadm runs |
| items: |
| type: string |
| type: array |
| useExperimentalRetryJoin: |
| description: "UseExperimentalRetryJoin replaces a basic kubeadm |
| command with a shell script with retries for joins. \n This |
| is meant to be an experimental temporary workaround on some |
| environments where joins fail due to timing (and other issues). |
| The long term goal is to add retries to kubeadm proper and |
| use that functionality. \n This will add about 40KB to userdata |
| \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." |
| type: boolean |
| users: |
| description: Users specifies extra users to add |
| items: |
| description: User defines the input for a generated user |
| in cloud-init. |
| properties: |
| gecos: |
| description: Gecos specifies the gecos to use for the |
| user |
| type: string |
| groups: |
| description: Groups specifies the additional groups |
| for the user |
| type: string |
| homeDir: |
| description: HomeDir specifies the home directory to |
| use for the user |
| type: string |
| inactive: |
| description: Inactive specifies whether to mark the |
| user as inactive |
| type: boolean |
| lockPassword: |
| description: LockPassword specifies if password login |
| should be disabled |
| type: boolean |
| name: |
| description: Name specifies the user name |
| type: string |
| passwd: |
| description: Passwd specifies a hashed password for |
| the user |
| type: string |
| primaryGroup: |
| description: PrimaryGroup specifies the primary group |
| for the user |
| type: string |
| shell: |
| description: Shell specifies the user's shell |
| type: string |
| sshAuthorizedKeys: |
| description: SSHAuthorizedKeys specifies a list of ssh |
| authorized keys for the user |
| items: |
| type: string |
| type: array |
| sudo: |
| description: Sudo specifies a sudo role for the user |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| verbosity: |
| description: Verbosity is the number for the kubeadm log level |
| verbosity. It overrides the `--v` flag in kubeadm commands. |
| format: int32 |
| type: integer |
| type: object |
| type: object |
| required: |
| - template |
| type: object |
| type: object |
| served: true |
| storage: false |
| - additionalPrinterColumns: |
| - description: Time duration since creation of KubeadmConfigTemplate |
| jsonPath: .metadata.creationTimestamp |
| name: Age |
| type: date |
| name: v1alpha4 |
| schema: |
| openAPIV3Schema: |
| description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates |
| API. |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema of this representation |
| of an object. Servers should convert recognized schemas to the latest |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| kind: |
| description: 'Kind is a string value representing the REST resource this |
| object represents. Servers may infer this from the endpoint the client |
| submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| metadata: |
| type: object |
| spec: |
| description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. |
| properties: |
| template: |
| description: KubeadmConfigTemplateResource defines the Template structure. |
| properties: |
| spec: |
| description: KubeadmConfigSpec defines the desired state of KubeadmConfig. |
| Either ClusterConfiguration and InitConfiguration should be |
| defined or the JoinConfiguration should be defined. |
| properties: |
| clusterConfiguration: |
| description: ClusterConfiguration along with InitConfiguration |
| are the configurations necessary for the init command |
| properties: |
| apiServer: |
| description: APIServer contains extra settings for the |
| API server control plane component |
| properties: |
| certSANs: |
| description: CertSANs sets extra Subject Alternative |
| Names for the API Server signing cert. |
| items: |
| type: string |
| type: array |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: 'ExtraArgs is an extra set of flags to |
| pass to the control plane component. TODO: This |
| is temporary and ideally we would like to switch |
| all components to use ComponentConfig + ConfigMaps.' |
| type: object |
| extraVolumes: |
| description: ExtraVolumes is an extra set of host |
| volumes, mounted to the control plane component. |
| items: |
| description: HostPathMount contains elements describing |
| volumes that are mounted from the host. |
| properties: |
| hostPath: |
| description: HostPath is the path in the host |
| that will be mounted inside the pod. |
| type: string |
| mountPath: |
| description: MountPath is the path inside the |
| pod where hostPath will be mounted. |
| type: string |
| name: |
| description: Name of the volume inside the pod |
| template. |
| type: string |
| pathType: |
| description: PathType is the type of the HostPath. |
| type: string |
| readOnly: |
| description: ReadOnly controls write access |
| to the volume |
| type: boolean |
| required: |
| - hostPath |
| - mountPath |
| - name |
| type: object |
| type: array |
| timeoutForControlPlane: |
| description: TimeoutForControlPlane controls the timeout |
| that we use for API server to appear |
| type: string |
| type: object |
| apiVersion: |
| description: 'APIVersion defines the versioned schema |
| of this representation of an object. Servers should |
| convert recognized schemas to the latest internal value, |
| and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| certificatesDir: |
| description: 'CertificatesDir specifies where to store |
| or look for all required certificates. NB: if not provided, |
| this will default to `/etc/kubernetes/pki`' |
| type: string |
| clusterName: |
| description: The cluster name |
| type: string |
| controlPlaneEndpoint: |
| description: 'ControlPlaneEndpoint sets a stable IP address |
| or DNS name for the control plane; it can be a valid |
| IP address or a RFC-1123 DNS subdomain, both with optional |
| TCP port. In case the ControlPlaneEndpoint is not specified, |
| the AdvertiseAddress + BindPort are used; in case the |
| ControlPlaneEndpoint is specified but without a TCP |
| port, the BindPort is used. Possible usages are: e.g. |
| In a cluster with more than one control plane instances, |
| this field should be assigned the address of the external |
| load balancer in front of the control plane instances. |
| e.g. in environments with enforced node recycling, |
| the ControlPlaneEndpoint could be used for assigning |
| a stable DNS to the control plane. NB: This value defaults |
| to the first value in the Cluster object status.apiEndpoints |
| array.' |
| type: string |
| controllerManager: |
| description: ControllerManager contains extra settings |
| for the controller manager control plane component |
| properties: |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: 'ExtraArgs is an extra set of flags to |
| pass to the control plane component. TODO: This |
| is temporary and ideally we would like to switch |
| all components to use ComponentConfig + ConfigMaps.' |
| type: object |
| extraVolumes: |
| description: ExtraVolumes is an extra set of host |
| volumes, mounted to the control plane component. |
| items: |
| description: HostPathMount contains elements describing |
| volumes that are mounted from the host. |
| properties: |
| hostPath: |
| description: HostPath is the path in the host |
| that will be mounted inside the pod. |
| type: string |
| mountPath: |
| description: MountPath is the path inside the |
| pod where hostPath will be mounted. |
| type: string |
| name: |
| description: Name of the volume inside the pod |
| template. |
| type: string |
| pathType: |
| description: PathType is the type of the HostPath. |
| type: string |
| readOnly: |
| description: ReadOnly controls write access |
| to the volume |
| type: boolean |
| required: |
| - hostPath |
| - mountPath |
| - name |
| type: object |
| type: array |
| type: object |
| dns: |
| description: DNS defines the options for the DNS add-on |
| installed in the cluster. |
| properties: |
| imageRepository: |
| description: ImageRepository sets the container registry |
| to pull images from. if not set, the ImageRepository |
| defined in ClusterConfiguration will be used instead. |
| type: string |
| imageTag: |
| description: ImageTag allows to specify a tag for |
| the image. In case this value is set, kubeadm does |
| not automatically change the version of the above |
| components during upgrades. |
| type: string |
| type: object |
| etcd: |
| description: 'Etcd holds configuration for etcd. NB: This |
| value defaults to a Local (stacked) etcd' |
| properties: |
| external: |
| description: External describes how to connect to |
| an external etcd cluster. Local and External are |
| mutually exclusive. |
| properties: |
| caFile: |
| description: CAFile is an SSL Certificate Authority |
| file used to secure etcd communication. Required |
| if using a TLS connection. |
| type: string |
| certFile: |
| description: CertFile is an SSL certification |
| file used to secure etcd communication. Required |
| if using a TLS connection. |
| type: string |
| endpoints: |
| description: Endpoints of etcd members. Required |
| for ExternalEtcd. |
| items: |
| type: string |
| type: array |
| keyFile: |
| description: KeyFile is an SSL key file used to |
| secure etcd communication. Required if using |
| a TLS connection. |
| type: string |
| required: |
| - caFile |
| - certFile |
| - endpoints |
| - keyFile |
| type: object |
| local: |
| description: Local provides configuration knobs for |
| configuring the local etcd instance. Local and External |
| are mutually exclusive. |
| properties: |
| dataDir: |
| description: DataDir is the directory etcd will |
| place its data. Defaults to "/var/lib/etcd". |
| type: string |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: ExtraArgs are extra arguments provided |
| to the etcd binary when run inside a static |
| pod. |
| type: object |
| imageRepository: |
| description: ImageRepository sets the container |
| registry to pull images from. if not set, the |
| ImageRepository defined in ClusterConfiguration |
| will be used instead. |
| type: string |
| imageTag: |
| description: ImageTag allows to specify a tag |
| for the image. In case this value is set, kubeadm |
| does not automatically change the version of |
| the above components during upgrades. |
| type: string |
| peerCertSANs: |
| description: PeerCertSANs sets extra Subject Alternative |
| Names for the etcd peer signing cert. |
| items: |
| type: string |
| type: array |
| serverCertSANs: |
| description: ServerCertSANs sets extra Subject |
| Alternative Names for the etcd server signing |
| cert. |
| items: |
| type: string |
| type: array |
| type: object |
| type: object |
| featureGates: |
| additionalProperties: |
| type: boolean |
| description: FeatureGates enabled by the user. |
| type: object |
| imageRepository: |
| description: ImageRepository sets the container registry |
| to pull images from. If empty, `registry.k8s.io` will |
| be used by default; in case of kubernetes version is |
| a CI build (kubernetes version starts with `ci/` or |
| `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be |
| used as a default for control plane components and for |
| kube-proxy, while `registry.k8s.io` will be used for |
| all the other images. |
| type: string |
| kind: |
| description: 'Kind is a string value representing the |
| REST resource this object represents. Servers may infer |
| this from the endpoint the client submits requests to. |
| Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| kubernetesVersion: |
| description: 'KubernetesVersion is the target version |
| of the control plane. NB: This value defaults to the |
| Machine object spec.version' |
| type: string |
| networking: |
| description: 'Networking holds configuration for the networking |
| topology of the cluster. NB: This value defaults to |
| the Cluster object spec.clusterNetwork.' |
| properties: |
| dnsDomain: |
| description: DNSDomain is the dns domain used by k8s |
| services. Defaults to "cluster.local". |
| type: string |
| podSubnet: |
| description: PodSubnet is the subnet used by pods. |
| If unset, the API server will not allocate CIDR |
| ranges for every node. Defaults to a comma-delimited |
| string of the Cluster object's spec.clusterNetwork.services.cidrBlocks |
| if that is set |
| type: string |
| serviceSubnet: |
| description: ServiceSubnet is the subnet used by k8s |
| services. Defaults to a comma-delimited string of |
| the Cluster object's spec.clusterNetwork.pods.cidrBlocks, |
| or to "10.96.0.0/12" if that's unset. |
| type: string |
| type: object |
| scheduler: |
| description: Scheduler contains extra settings for the |
| scheduler control plane component |
| properties: |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: 'ExtraArgs is an extra set of flags to |
| pass to the control plane component. TODO: This |
| is temporary and ideally we would like to switch |
| all components to use ComponentConfig + ConfigMaps.' |
| type: object |
| extraVolumes: |
| description: ExtraVolumes is an extra set of host |
| volumes, mounted to the control plane component. |
| items: |
| description: HostPathMount contains elements describing |
| volumes that are mounted from the host. |
| properties: |
| hostPath: |
| description: HostPath is the path in the host |
| that will be mounted inside the pod. |
| type: string |
| mountPath: |
| description: MountPath is the path inside the |
| pod where hostPath will be mounted. |
| type: string |
| name: |
| description: Name of the volume inside the pod |
| template. |
| type: string |
| pathType: |
| description: PathType is the type of the HostPath. |
| type: string |
| readOnly: |
| description: ReadOnly controls write access |
| to the volume |
| type: boolean |
| required: |
| - hostPath |
| - mountPath |
| - name |
| type: object |
| type: array |
| type: object |
| type: object |
| diskSetup: |
| description: DiskSetup specifies options for the creation |
| of partition tables and file systems on devices. |
| properties: |
| filesystems: |
| description: Filesystems specifies the list of file systems |
| to setup. |
| items: |
| description: Filesystem defines the file systems to |
| be created. |
| properties: |
| device: |
| description: Device specifies the device name |
| type: string |
| extraOpts: |
| description: ExtraOpts defines extra options to |
| add to the command for creating the file system. |
| items: |
| type: string |
| type: array |
| filesystem: |
| description: Filesystem specifies the file system |
| type. |
| type: string |
| label: |
| description: Label specifies the file system label |
| to be used. If set to None, no label is used. |
| type: string |
| overwrite: |
| description: Overwrite defines whether or not to |
| overwrite any existing filesystem. If true, any |
| pre-existing file system will be destroyed. Use |
| with Caution. |
| type: boolean |
| partition: |
| description: 'Partition specifies the partition |
| to use. The valid options are: "auto|any", "auto", |
| "any", "none", and <NUM>, where NUM is the actual |
| partition number.' |
| type: string |
| replaceFS: |
| description: 'ReplaceFS is a special directive, |
| used for Microsoft Azure that instructs cloud-init |
| to replace a file system of <FS_TYPE>. NOTE: unless |
| you define a label, this requires the use of the |
| ''any'' partition directive.' |
| type: string |
| required: |
| - device |
| - filesystem |
| - label |
| type: object |
| type: array |
| partitions: |
| description: Partitions specifies the list of the partitions |
| to setup. |
| items: |
| description: Partition defines how to create and layout |
| a partition. |
| properties: |
| device: |
| description: Device is the name of the device. |
| type: string |
| layout: |
| description: Layout specifies the device layout. |
| If it is true, a single partition will be created |
| for the entire device. When layout is false, it |
| means don't partition or ignore existing partitioning. |
| type: boolean |
| overwrite: |
| description: Overwrite describes whether to skip |
| checks and create the partition if a partition |
| or filesystem is found on the device. Use with |
| caution. Default is 'false'. |
| type: boolean |
| tableType: |
| description: 'TableType specifies the type of partition |
| table. The following are supported: ''mbr'' (default): |
| sets up an MS-DOS partition table; ''gpt'': sets up |
| a GPT partition table' |
| type: string |
| required: |
| - device |
| - layout |
| type: object |
| type: array |
| type: object |
| files: |
| description: Files specifies extra files to be passed to user_data |
| upon creation. |
| items: |
| description: File defines the input for generating write_files |
| in cloud-init. |
| properties: |
| content: |
| description: Content is the actual content of the file. |
| type: string |
| contentFrom: |
| description: ContentFrom is a referenced source of content |
| to populate the file. |
| properties: |
| secret: |
| description: Secret represents a secret that should |
| populate this file. |
| properties: |
| key: |
| description: Key is the key in the secret's |
| data map for this value. |
| type: string |
| name: |
| description: Name of the secret in the KubeadmBootstrapConfig's |
| namespace to use. |
| type: string |
| required: |
| - key |
| - name |
| type: object |
| required: |
| - secret |
| type: object |
| encoding: |
| description: Encoding specifies the encoding of the |
| file contents. |
| enum: |
| - base64 |
| - gzip |
| - gzip+base64 |
| type: string |
| owner: |
| description: Owner specifies the ownership of the file, |
| e.g. "root:root". |
| type: string |
| path: |
| description: Path specifies the full path on disk where |
| to store the file. |
| type: string |
| permissions: |
| description: Permissions specifies the permissions to |
| assign to the file, e.g. "0640". |
| type: string |
| required: |
| - path |
| type: object |
| type: array |
| format: |
| description: Format specifies the output format of the bootstrap |
| data |
| enum: |
| - cloud-config |
| type: string |
| initConfiguration: |
| description: InitConfiguration along with ClusterConfiguration |
| are the configurations necessary for the init command |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema |
| of this representation of an object. Servers should |
| convert recognized schemas to the latest internal value, |
| and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| bootstrapTokens: |
| description: BootstrapTokens is respected at `kubeadm |
| init` time and describes a set of Bootstrap Tokens to |
| create. This information IS NOT uploaded to the kubeadm |
| cluster configmap, partly because of its sensitive nature |
| items: |
| description: BootstrapToken describes one bootstrap |
| token, stored as a Secret in the cluster. |
| properties: |
| description: |
| description: Description sets a human-friendly message |
| why this token exists and what it's used for, |
| so other administrators can know its purpose. |
| type: string |
| expires: |
| description: Expires specifies the timestamp when |
| this token expires. Defaults to being set dynamically |
| at runtime based on the TTL. Expires and TTL are |
| mutually exclusive. |
| format: date-time |
| type: string |
| groups: |
| description: Groups specifies the extra groups that |
| this token will authenticate as when/if used for |
| authentication |
| items: |
| type: string |
| type: array |
| token: |
| description: Token is used for establishing bidirectional |
| trust between nodes and control-planes. Used for |
| joining nodes in the cluster. |
| type: string |
| ttl: |
| description: TTL defines the time to live for this |
| token. Defaults to 24h. Expires and TTL are mutually |
| exclusive. |
| type: string |
| usages: |
| description: Usages describes the ways in which |
| this token can be used. Can by default be used |
| for establishing bidirectional trust, but that |
| can be changed here. |
| items: |
| type: string |
| type: array |
| required: |
| - token |
| type: object |
| type: array |
| kind: |
| description: 'Kind is a string value representing the |
| REST resource this object represents. Servers may infer |
| this from the endpoint the client submits requests to. |
| Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| localAPIEndpoint: |
| description: LocalAPIEndpoint represents the endpoint |
| of the API server instance that's deployed on this control |
| plane node. In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint |
| in the sense that ControlPlaneEndpoint is the global |
| endpoint for the cluster, which then loadbalances the |
| requests to each individual API server. This configuration |
| object lets you customize what IP/DNS name and port |
| the local API server advertises it's accessible on. |
| By default, kubeadm tries to auto-detect the IP of the |
| default interface and use that, but in case that process |
| fails you may set the desired value here. |
| properties: |
| advertiseAddress: |
| description: AdvertiseAddress sets the IP address |
| for the API server to advertise. |
| type: string |
| bindPort: |
| description: BindPort sets the secure port for the |
| API Server to bind to. Defaults to 6443. |
| format: int32 |
| type: integer |
| type: object |
| nodeRegistration: |
| description: NodeRegistration holds fields that relate |
| to registering the new control-plane node to the cluster. |
| When used in the context of control plane nodes, NodeRegistration |
| should remain consistent across both InitConfiguration |
| and JoinConfiguration |
| properties: |
| criSocket: |
| description: CRISocket is used to retrieve container |
| runtime info. This information will be annotated |
| to the Node API object, for later re-use |
| type: string |
| ignorePreflightErrors: |
| description: IgnorePreflightErrors provides a slice |
| of pre-flight errors to be ignored when the current |
| node is registered. |
| items: |
| type: string |
| type: array |
| kubeletExtraArgs: |
| additionalProperties: |
| type: string |
| description: KubeletExtraArgs passes through extra |
| arguments to the kubelet. The arguments here are |
| passed to the kubelet command line via the environment |
| file kubeadm writes at runtime for the kubelet to |
| source. This overrides the generic base-level configuration |
| in the kubelet-config-1.X ConfigMap. Flags have higher |
| priority when parsing. These values are local and |
| specific to the node kubeadm is executing on. |
| type: object |
| name: |
| description: Name is the `.Metadata.Name` field of |
| the Node API object that will be created in this |
| `kubeadm init` or `kubeadm join` operation. This |
| field is also used in the CommonName field of the |
| kubelet's client certificate to the API server. |
| Defaults to the hostname of the node if not provided. |
| type: string |
| taints: |
| description: 'Taints specifies the taints the Node |
| API object should be registered with. If this field |
| is unset, i.e. nil, in the `kubeadm init` process |
| it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. |
| If you don''t want to taint your control-plane node, |
| set this field to an empty slice, i.e. `taints: |
| []` in the YAML file. This field is solely used |
| for Node registration.' |
| items: |
| description: The node this Taint is attached to |
| has the "effect" on any pod that does not tolerate |
| the Taint. |
| properties: |
| effect: |
| description: Required. The effect of the taint |
| on pods that do not tolerate the taint. Valid |
| effects are NoSchedule, PreferNoSchedule and |
| NoExecute. |
| type: string |
| key: |
| description: Required. The taint key to be applied |
| to a node. |
| type: string |
| timeAdded: |
| description: TimeAdded represents the time at |
| which the taint was added. It is only written |
| for NoExecute taints. |
| format: date-time |
| type: string |
| value: |
| description: The taint value corresponding to |
| the taint key. |
| type: string |
| required: |
| - effect |
| - key |
| type: object |
| type: array |
| type: object |
| type: object |
| joinConfiguration: |
| description: JoinConfiguration is the kubeadm configuration |
| for the join command |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema |
| of this representation of an object. Servers should |
| convert recognized schemas to the latest internal value, |
| and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| caCertPath: |
| description: 'CACertPath is the path to the SSL certificate |
| authority used to secure communications between node |
| and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". |
| TODO: revisit when there is defaulting from k/k' |
| type: string |
| controlPlane: |
| description: ControlPlane defines the additional control |
| plane instance to be deployed on the joining node. If |
| nil, no additional control plane instance will be deployed. |
| properties: |
| localAPIEndpoint: |
| description: LocalAPIEndpoint represents the endpoint |
| of the API server instance to be deployed on this |
| node. |
| properties: |
| advertiseAddress: |
| description: AdvertiseAddress sets the IP address |
| for the API server to advertise. |
| type: string |
| bindPort: |
| description: BindPort sets the secure port for |
| the API Server to bind to. Defaults to 6443. |
| format: int32 |
| type: integer |
| type: object |
| type: object |
| discovery: |
| description: 'Discovery specifies the options for the |
| kubelet to use during the TLS Bootstrap process. TODO: |
| revisit when there is defaulting from k/k' |
| properties: |
| bootstrapToken: |
| description: BootstrapToken is used to set the options |
| for bootstrap token based discovery. BootstrapToken |
| and File are mutually exclusive. |
| properties: |
| apiServerEndpoint: |
| description: APIServerEndpoint is an IP or domain |
| name to the API server from which info will |
| be fetched. |
| type: string |
| caCertHashes: |
| description: 'CACertHashes specifies a set of |
| public key pins to verify when token-based discovery |
| is used. The root CA found during discovery |
| must match one of these values. Specifying an |
| empty set disables root CA pinning, which can |
| be unsafe. Each hash is specified as "<type>:<value>", |
| where the only currently supported type is "sha256". |
| This is a hex-encoded SHA-256 hash of the Subject |
| Public Key Info (SPKI) object in DER-encoded |
| ASN.1. These hashes can be calculated using, |
| for example, OpenSSL: openssl x509 -pubkey -in |
| ca.crt | openssl rsa -pubin -outform der 2>/dev/null |
| | openssl dgst -sha256 -hex' |
| items: |
| type: string |
| type: array |
| token: |
| description: Token is a token used to validate |
| cluster information fetched from the control-plane. |
| type: string |
| unsafeSkipCAVerification: |
| description: UnsafeSkipCAVerification allows token-based |
| discovery without CA verification via CACertHashes. |
| This can weaken the security of kubeadm since |
| other nodes can impersonate the control-plane. |
| type: boolean |
| required: |
| - token |
| type: object |
| file: |
| description: File is used to specify a file or URL |
| to a kubeconfig file from which to load cluster |
| information. BootstrapToken and File are mutually |
| exclusive. |
| properties: |
| kubeConfigPath: |
| description: KubeConfigPath is used to specify |
| the actual file path or URL to the kubeconfig |
| file from which to load cluster information |
| type: string |
| required: |
| - kubeConfigPath |
| type: object |
| timeout: |
| description: Timeout modifies the discovery timeout |
| type: string |
| tlsBootstrapToken: |
| description: TLSBootstrapToken is a token used for |
| TLS bootstrapping. If .BootstrapToken is set, this |
| field is defaulted to .BootstrapToken.Token, but |
| can be overridden. If .File is set, this field **must |
| be set** in case the KubeConfigFile does not contain |
| any other authentication information |
| type: string |
| type: object |
| kind: |
| description: 'Kind is a string value representing the |
| REST resource this object represents. Servers may infer |
| this from the endpoint the client submits requests to. |
| Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| nodeRegistration: |
| description: NodeRegistration holds fields that relate |
| to registering the new control-plane node to the cluster. |
| When used in the context of control plane nodes, NodeRegistration |
| should remain consistent across both InitConfiguration |
| and JoinConfiguration |
| properties: |
| criSocket: |
| description: CRISocket is used to retrieve container |
| runtime info. This information will be annotated |
| to the Node API object, for later re-use |
| type: string |
| ignorePreflightErrors: |
| description: IgnorePreflightErrors provides a slice |
| of pre-flight errors to be ignored when the current |
| node is registered. |
| items: |
| type: string |
| type: array |
| kubeletExtraArgs: |
| additionalProperties: |
| type: string |
| description: KubeletExtraArgs passes through extra |
| arguments to the kubelet. The arguments here are |
| passed to the kubelet command line via the environment |
| file kubeadm writes at runtime for the kubelet to |
| source. This overrides the generic base-level configuration |
| in the kubelet-config-1.X ConfigMap. Flags have higher |
| priority when parsing. These values are local and |
| specific to the node kubeadm is executing on. |
| type: object |
| name: |
| description: Name is the `.Metadata.Name` field of |
| the Node API object that will be created in this |
| `kubeadm init` or `kubeadm join` operation. This |
| field is also used in the CommonName field of the |
| kubelet's client certificate to the API server. |
| Defaults to the hostname of the node if not provided. |
| type: string |
| taints: |
| description: 'Taints specifies the taints the Node |
| API object should be registered with. If this field |
| is unset, i.e. nil, in the `kubeadm init` process |
| it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. |
| If you don''t want to taint your control-plane node, |
| set this field to an empty slice, i.e. `taints: |
| []` in the YAML file. This field is solely used |
| for Node registration.' |
| items: |
| description: The node this Taint is attached to |
| has the "effect" on any pod that does not tolerate |
| the Taint. |
| properties: |
| effect: |
| description: Required. The effect of the taint |
| on pods that do not tolerate the taint. Valid |
| effects are NoSchedule, PreferNoSchedule and |
| NoExecute. |
| type: string |
| key: |
| description: Required. The taint key to be applied |
| to a node. |
| type: string |
| timeAdded: |
| description: TimeAdded represents the time at |
| which the taint was added. It is only written |
| for NoExecute taints. |
| format: date-time |
| type: string |
| value: |
| description: The taint value corresponding to |
| the taint key. |
| type: string |
| required: |
| - effect |
| - key |
| type: object |
| type: array |
| type: object |
| type: object |
| mounts: |
| description: Mounts specifies a list of mount points to be |
| setup. |
| items: |
| description: MountPoints defines input for generated mounts |
| in cloud-init. |
| items: |
| type: string |
| type: array |
| type: array |
| ntp: |
| description: NTP specifies NTP configuration |
| properties: |
| enabled: |
| description: Enabled specifies whether NTP should be enabled |
| type: boolean |
| servers: |
| description: Servers specifies which NTP servers to use |
| items: |
| type: string |
| type: array |
| type: object |
| postKubeadmCommands: |
| description: PostKubeadmCommands specifies extra commands |
| to run after kubeadm runs |
| items: |
| type: string |
| type: array |
| preKubeadmCommands: |
| description: PreKubeadmCommands specifies extra commands to |
| run before kubeadm runs |
| items: |
| type: string |
| type: array |
| useExperimentalRetryJoin: |
| description: "UseExperimentalRetryJoin replaces a basic kubeadm |
| command with a shell script with retries for joins. \n This |
| is meant to be an experimental temporary workaround on some |
| environments where joins fail due to timing (and other issues). |
| The long term goal is to add retries to kubeadm proper and |
| use that functionality. \n This will add about 40KB to userdata |
| \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." |
| type: boolean |
| users: |
| description: Users specifies extra users to add |
| items: |
| description: User defines the input for a generated user |
| in cloud-init. |
| properties: |
| gecos: |
| description: Gecos specifies the gecos to use for the |
| user |
| type: string |
| groups: |
| description: Groups specifies the additional groups |
| for the user |
| type: string |
| homeDir: |
| description: HomeDir specifies the home directory to |
| use for the user |
| type: string |
| inactive: |
| description: Inactive specifies whether to mark the |
| user as inactive |
| type: boolean |
| lockPassword: |
| description: LockPassword specifies if password login |
| should be disabled |
| type: boolean |
| name: |
| description: Name specifies the user name |
| type: string |
| passwd: |
| description: Passwd specifies a hashed password for |
| the user |
| type: string |
| primaryGroup: |
| description: PrimaryGroup specifies the primary group |
| for the user |
| type: string |
| shell: |
| description: Shell specifies the user's shell |
| type: string |
| sshAuthorizedKeys: |
| description: SSHAuthorizedKeys specifies a list of ssh |
| authorized keys for the user |
| items: |
| type: string |
| type: array |
| sudo: |
| description: Sudo specifies a sudo role for the user |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| verbosity: |
| description: Verbosity is the number for the kubeadm log level |
| verbosity. It overrides the `--v` flag in kubeadm commands. |
| format: int32 |
| type: integer |
| type: object |
| type: object |
| required: |
| - template |
| type: object |
| type: object |
| served: true |
| storage: false |
| subresources: {} |
| - additionalPrinterColumns: |
| - description: Time duration since creation of KubeadmConfigTemplate |
| jsonPath: .metadata.creationTimestamp |
| name: Age |
| type: date |
| name: v1beta1 |
| schema: |
| openAPIV3Schema: |
| description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates |
| API. |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema of this representation |
| of an object. Servers should convert recognized schemas to the latest |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| kind: |
| description: 'Kind is a string value representing the REST resource this |
| object represents. Servers may infer this from the endpoint the client |
| submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| metadata: |
| type: object |
| spec: |
| description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. |
| properties: |
| template: |
| description: KubeadmConfigTemplateResource defines the Template structure. |
| properties: |
| spec: |
| description: KubeadmConfigSpec defines the desired state of KubeadmConfig. |
| Either ClusterConfiguration and InitConfiguration should be |
| defined or the JoinConfiguration should be defined. |
| properties: |
| clusterConfiguration: |
| description: ClusterConfiguration along with InitConfiguration |
| are the configurations necessary for the init command |
| properties: |
| apiServer: |
| description: APIServer contains extra settings for the |
| API server control plane component |
| properties: |
| certSANs: |
| description: CertSANs sets extra Subject Alternative |
| Names for the API Server signing cert. |
| items: |
| type: string |
| type: array |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: 'ExtraArgs is an extra set of flags to |
| pass to the control plane component. TODO: This |
| is temporary and ideally we would like to switch |
| all components to use ComponentConfig + ConfigMaps.' |
| type: object |
| extraVolumes: |
| description: ExtraVolumes is an extra set of host |
| volumes, mounted to the control plane component. |
| items: |
| description: HostPathMount contains elements describing |
| volumes that are mounted from the host. |
| properties: |
| hostPath: |
| description: HostPath is the path in the host |
| that will be mounted inside the pod. |
| type: string |
| mountPath: |
| description: MountPath is the path inside the |
| pod where hostPath will be mounted. |
| type: string |
| name: |
| description: Name of the volume inside the pod |
| template. |
| type: string |
| pathType: |
| description: PathType is the type of the HostPath. |
| type: string |
| readOnly: |
| description: ReadOnly controls write access |
| to the volume |
| type: boolean |
| required: |
| - hostPath |
| - mountPath |
| - name |
| type: object |
| type: array |
| timeoutForControlPlane: |
| description: TimeoutForControlPlane controls the timeout |
| used while waiting for the API server to appear |
| type: string |
| type: object |
| apiVersion: |
| description: 'APIVersion defines the versioned schema |
| of this representation of an object. Servers should |
| convert recognized schemas to the latest internal value, |
| and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| certificatesDir: |
| description: 'CertificatesDir specifies where to store |
| or look for all required certificates. NB: if not provided, |
| this will default to `/etc/kubernetes/pki`' |
| type: string |
| clusterName: |
| description: The cluster name |
| type: string |
| controlPlaneEndpoint: |
| description: 'ControlPlaneEndpoint sets a stable IP address |
| or DNS name for the control plane; it can be a valid |
| IP address or a RFC-1123 DNS subdomain, both with optional |
| TCP port. In case the ControlPlaneEndpoint is not specified, |
| the AdvertiseAddress + BindPort are used; in case the |
| ControlPlaneEndpoint is specified but without a TCP |
| port, the BindPort is used. Possible usages are: e.g. |
| In a cluster with more than one control plane instances, |
| this field should be assigned the address of the external |
| load balancer in front of the control plane instances. |
| e.g. in environments with enforced node recycling, |
| the ControlPlaneEndpoint could be used for assigning |
| a stable DNS to the control plane. NB: This value defaults |
| to the first value in the Cluster object status.apiEndpoints |
| array.' |
| type: string |
| controllerManager: |
| description: ControllerManager contains extra settings |
| for the controller manager control plane component |
| properties: |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: 'ExtraArgs is an extra set of flags to |
| pass to the control plane component. TODO: This |
| is temporary and ideally we would like to switch |
| all components to use ComponentConfig + ConfigMaps.' |
| type: object |
| extraVolumes: |
| description: ExtraVolumes is an extra set of host |
| volumes, mounted to the control plane component. |
| items: |
| description: HostPathMount contains elements describing |
| volumes that are mounted from the host. |
| properties: |
| hostPath: |
| description: HostPath is the path in the host |
| that will be mounted inside the pod. |
| type: string |
| mountPath: |
| description: MountPath is the path inside the |
| pod where hostPath will be mounted. |
| type: string |
| name: |
| description: Name of the volume inside the pod |
| template. |
| type: string |
| pathType: |
| description: PathType is the type of the HostPath. |
| type: string |
| readOnly: |
| description: ReadOnly controls write access |
| to the volume |
| type: boolean |
| required: |
| - hostPath |
| - mountPath |
| - name |
| type: object |
| type: array |
| type: object |
| dns: |
| description: DNS defines the options for the DNS add-on |
| installed in the cluster. |
| properties: |
| imageRepository: |
| description: ImageRepository sets the container registry |
| to pull images from. If not set, the ImageRepository |
| defined in ClusterConfiguration will be used instead. |
| type: string |
| imageTag: |
| description: ImageTag allows to specify a tag for |
| the image. In case this value is set, kubeadm does |
| not automatically change the version of the above |
| components during upgrades. |
| type: string |
| type: object |
| etcd: |
| description: 'Etcd holds configuration for etcd. NB: This |
| value defaults to a Local (stacked) etcd' |
| properties: |
| external: |
| description: External describes how to connect to |
| an external etcd cluster. Local and External are |
| mutually exclusive. |
| properties: |
| caFile: |
| description: CAFile is an SSL Certificate Authority |
| file used to secure etcd communication. Required |
| if using a TLS connection. |
| type: string |
| certFile: |
| description: CertFile is an SSL certification |
| file used to secure etcd communication. Required |
| if using a TLS connection. |
| type: string |
| endpoints: |
| description: Endpoints of etcd members. Required |
| for ExternalEtcd. |
| items: |
| type: string |
| type: array |
| keyFile: |
| description: KeyFile is an SSL key file used to |
| secure etcd communication. Required if using |
| a TLS connection. |
| type: string |
| required: |
| - caFile |
| - certFile |
| - endpoints |
| - keyFile |
| type: object |
| local: |
| description: Local provides configuration knobs for |
| configuring the local etcd instance. Local and External |
| are mutually exclusive. |
| properties: |
| dataDir: |
| description: DataDir is the directory etcd will |
| place its data. Defaults to "/var/lib/etcd". |
| type: string |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: ExtraArgs are extra arguments provided |
| to the etcd binary when run inside a static |
| pod. |
| type: object |
| imageRepository: |
| description: ImageRepository sets the container |
| registry to pull images from. If not set, the |
| ImageRepository defined in ClusterConfiguration |
| will be used instead. |
| type: string |
| imageTag: |
| description: ImageTag allows to specify a tag |
| for the image. In case this value is set, kubeadm |
| does not automatically change the version of |
| the above components during upgrades. |
| type: string |
| peerCertSANs: |
| description: PeerCertSANs sets extra Subject Alternative |
| Names for the etcd peer signing cert. |
| items: |
| type: string |
| type: array |
| serverCertSANs: |
| description: ServerCertSANs sets extra Subject |
| Alternative Names for the etcd server signing |
| cert. |
| items: |
| type: string |
| type: array |
| type: object |
| type: object |
| featureGates: |
| additionalProperties: |
| type: boolean |
| description: FeatureGates enabled by the user. |
| type: object |
| imageRepository: |
| description: ImageRepository sets the container registry |
| to pull images from. If empty, `registry.k8s.io` will |
| be used by default; if the kubernetes version is |
| a CI build (kubernetes version starts with `ci/` or |
| `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be |
| used as a default for control plane components and for |
| kube-proxy, while `registry.k8s.io` will be used for |
| all the other images. |
| type: string |
| kind: |
| description: 'Kind is a string value representing the |
| REST resource this object represents. Servers may infer |
| this from the endpoint the client submits requests to. |
| Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| kubernetesVersion: |
| description: 'KubernetesVersion is the target version |
| of the control plane. NB: This value defaults to the |
| Machine object spec.version' |
| type: string |
| networking: |
| description: 'Networking holds configuration for the networking |
| topology of the cluster. NB: This value defaults to |
| the Cluster object spec.clusterNetwork.' |
| properties: |
| dnsDomain: |
| description: DNSDomain is the dns domain used by k8s |
| services. Defaults to "cluster.local". |
| type: string |
| podSubnet: |
| description: PodSubnet is the subnet used by pods. |
| If unset, the API server will not allocate CIDR |
| ranges for every node. Defaults to a comma-delimited |
| string of the Cluster object's spec.clusterNetwork.services.cidrBlocks |
| if that is set |
| type: string |
| serviceSubnet: |
| description: ServiceSubnet is the subnet used by k8s |
| services. Defaults to a comma-delimited string of |
| the Cluster object's spec.clusterNetwork.pods.cidrBlocks, |
| or to "10.96.0.0/12" if that's unset. |
| type: string |
| type: object |
| scheduler: |
| description: Scheduler contains extra settings for the |
| scheduler control plane component |
| properties: |
| extraArgs: |
| additionalProperties: |
| type: string |
| description: 'ExtraArgs is an extra set of flags to |
| pass to the control plane component. TODO: This |
| is temporary and ideally we would like to switch |
| all components to use ComponentConfig + ConfigMaps.' |
| type: object |
| extraVolumes: |
| description: ExtraVolumes is an extra set of host |
| volumes, mounted to the control plane component. |
| items: |
| description: HostPathMount contains elements describing |
| volumes that are mounted from the host. |
| properties: |
| hostPath: |
| description: HostPath is the path in the host |
| that will be mounted inside the pod. |
| type: string |
| mountPath: |
| description: MountPath is the path inside the |
| pod where hostPath will be mounted. |
| type: string |
| name: |
| description: Name of the volume inside the pod |
| template. |
| type: string |
| pathType: |
| description: PathType is the type of the HostPath. |
| type: string |
| readOnly: |
| description: ReadOnly controls write access |
| to the volume |
| type: boolean |
| required: |
| - hostPath |
| - mountPath |
| - name |
| type: object |
| type: array |
| type: object |
| type: object |
| diskSetup: |
| description: DiskSetup specifies options for the creation |
| of partition tables and file systems on devices. |
| properties: |
| filesystems: |
| description: Filesystems specifies the list of file systems |
| to setup. |
| items: |
| description: Filesystem defines the file systems to |
| be created. |
| properties: |
| device: |
| description: Device specifies the device name |
| type: string |
| extraOpts: |
| description: ExtraOpts defined extra options to |
| add to the command for creating the file system. |
| items: |
| type: string |
| type: array |
| filesystem: |
| description: Filesystem specifies the file system |
| type. |
| type: string |
| label: |
| description: Label specifies the file system label |
| to be used. If set to None, no label is used. |
| type: string |
| overwrite: |
| description: Overwrite defines whether or not to |
| overwrite any existing filesystem. If true, any |
| pre-existing file system will be destroyed. Use |
| with Caution. |
| type: boolean |
| partition: |
| description: 'Partition specifies the partition |
| to use. The valid options are: "auto|any", "auto", |
| "any", "none", and <NUM>, where NUM is the actual |
| partition number.' |
| type: string |
| replaceFS: |
| description: 'ReplaceFS is a special directive, |
| used for Microsoft Azure that instructs cloud-init |
| to replace a file system of <FS_TYPE>. NOTE: unless |
| you define a label, this requires the use of the |
| ''any'' partition directive.' |
| type: string |
| required: |
| - device |
| - filesystem |
| - label |
| type: object |
| type: array |
| partitions: |
| description: Partitions specifies the list of the partitions |
| to setup. |
| items: |
| description: Partition defines how to create and layout |
| a partition. |
| properties: |
| device: |
| description: Device is the name of the device. |
| type: string |
| layout: |
| description: Layout specifies the device layout. |
| If it is true, a single partition will be created |
| for the entire device. When layout is false, it |
| means don't partition or ignore existing partitioning. |
| type: boolean |
| overwrite: |
| description: Overwrite describes whether to skip |
| checks and create the partition if a partition |
| or filesystem is found on the device. Use with |
| caution. Default is 'false'. |
| type: boolean |
| tableType: |
| description: 'TableType specifies the type of partition |
| table. The following are supported: ''mbr'': default |
| and setups a MS-DOS partition table ''gpt'': setups |
| a GPT partition table' |
| type: string |
| required: |
| - device |
| - layout |
| type: object |
| type: array |
| type: object |
| files: |
| description: Files specifies extra files to be passed to user_data |
| upon creation. |
| items: |
| description: File defines the input for generating write_files |
| in cloud-init. |
| properties: |
| append: |
| description: Append specifies whether to append Content |
| to existing file if Path exists. |
| type: boolean |
| content: |
| description: Content is the actual content of the file. |
| type: string |
| contentFrom: |
| description: ContentFrom is a referenced source of content |
| to populate the file. |
| properties: |
| secret: |
| description: Secret represents a secret that should |
| populate this file. |
| properties: |
| key: |
| description: Key is the key in the secret's |
| data map for this value. |
| type: string |
| name: |
| description: Name of the secret in the KubeadmBootstrapConfig's |
| namespace to use. |
| type: string |
| required: |
| - key |
| - name |
| type: object |
| required: |
| - secret |
| type: object |
| encoding: |
| description: Encoding specifies the encoding of the |
| file contents. |
| enum: |
| - base64 |
| - gzip |
| - gzip+base64 |
| type: string |
| owner: |
| description: Owner specifies the ownership of the file, |
| e.g. "root:root". |
| type: string |
| path: |
| description: Path specifies the full path on disk where |
| to store the file. |
| type: string |
| permissions: |
| description: Permissions specifies the permissions to |
| assign to the file, e.g. "0640". |
| type: string |
| required: |
| - path |
| type: object |
| type: array |
| format: |
| description: Format specifies the output format of the bootstrap |
| data |
| enum: |
| - cloud-config |
| - ignition |
| type: string |
| ignition: |
| description: Ignition contains Ignition specific configuration. |
| properties: |
| containerLinuxConfig: |
| description: ContainerLinuxConfig contains CLC specific |
| configuration. |
| properties: |
| additionalConfig: |
| description: "AdditionalConfig contains additional |
| configuration to be merged with the Ignition configuration |
| generated by the bootstrapper controller. More info: |
| https://coreos.github.io/ignition/operator-notes/#config-merging |
| \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/" |
| type: string |
| strict: |
| description: Strict controls if AdditionalConfig should |
| be strictly parsed. If so, warnings are treated |
| as errors. |
| type: boolean |
| type: object |
| type: object |
| initConfiguration: |
| description: InitConfiguration along with ClusterConfiguration |
| are the configurations necessary for the init command |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema |
| of this representation of an object. Servers should |
| convert recognized schemas to the latest internal value, |
| and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| bootstrapTokens: |
| description: BootstrapTokens is respected at `kubeadm |
| init` time and describes a set of Bootstrap Tokens to |
| create. This information IS NOT uploaded to the kubeadm |
| cluster configmap, partly because of its sensitive nature |
| items: |
| description: BootstrapToken describes one bootstrap |
| token, stored as a Secret in the cluster. |
| properties: |
| description: |
| description: Description sets a human-friendly message |
| why this token exists and what it's used for, |
| so other administrators can know its purpose. |
| type: string |
| expires: |
| description: Expires specifies the timestamp when |
| this token expires. Defaults to being set dynamically |
| at runtime based on the TTL. Expires and TTL are |
| mutually exclusive. |
| format: date-time |
| type: string |
| groups: |
| description: Groups specifies the extra groups that |
| this token will authenticate as when/if used for |
| authentication |
| items: |
| type: string |
| type: array |
| token: |
| description: Token is used for establishing bidirectional |
| trust between nodes and control-planes. Used for |
| joining nodes in the cluster. |
| type: string |
| ttl: |
| description: TTL defines the time to live for this |
| token. Defaults to 24h. Expires and TTL are mutually |
| exclusive. |
| type: string |
| usages: |
| description: Usages describes the ways in which |
| this token can be used. Can by default be used |
| for establishing bidirectional trust, but that |
| can be changed here. |
| items: |
| type: string |
| type: array |
| required: |
| - token |
| type: object |
| type: array |
| kind: |
| description: 'Kind is a string value representing the |
| REST resource this object represents. Servers may infer |
| this from the endpoint the client submits requests to. |
| Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| localAPIEndpoint: |
| description: LocalAPIEndpoint represents the endpoint |
| of the API server instance that's deployed on this control |
| plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint |
| in the sense that ControlPlaneEndpoint is the global |
| endpoint for the cluster, which then loadbalances the |
| requests to each individual API server. This configuration |
| object lets you customize what IP/DNS name and port |
| the local API server advertises it's accessible on. |
| By default, kubeadm tries to auto-detect the IP of the |
| default interface and use that, but in case that process |
| fails you may set the desired value here. |
| properties: |
| advertiseAddress: |
| description: AdvertiseAddress sets the IP address |
| for the API server to advertise. |
| type: string |
| bindPort: |
| description: BindPort sets the secure port for the |
| API Server to bind to. Defaults to 6443. |
| format: int32 |
| type: integer |
| type: object |
| nodeRegistration: |
| description: NodeRegistration holds fields that relate |
| to registering the new control-plane node to the cluster. |
| When used in the context of control plane nodes, NodeRegistration |
| should remain consistent across both InitConfiguration |
| and JoinConfiguration |
| properties: |
| criSocket: |
| description: CRISocket is used to retrieve container |
| runtime info. This information will be annotated |
| to the Node API object, for later re-use |
| type: string |
| ignorePreflightErrors: |
| description: IgnorePreflightErrors provides a slice |
| of pre-flight errors to be ignored when the current |
| node is registered. |
| items: |
| type: string |
| type: array |
| kubeletExtraArgs: |
| additionalProperties: |
| type: string |
| description: KubeletExtraArgs passes through extra |
| arguments to the kubelet. The arguments here are |
| passed to the kubelet command line via the environment |
| file kubeadm writes at runtime for the kubelet to |
| source. This overrides the generic base-level configuration |
| in the kubelet-config-1.X ConfigMap Flags have higher |
| priority when parsing. These values are local and |
| specific to the node kubeadm is executing on. |
| type: object |
| name: |
| description: Name is the `.Metadata.Name` field of |
| the Node API object that will be created in this |
| `kubeadm init` or `kubeadm join` operation. This |
| field is also used in the CommonName field of the |
| kubelet's client certificate to the API server. |
| Defaults to the hostname of the node if not provided. |
| type: string |
| taints: |
| description: 'Taints specifies the taints the Node |
| API object should be registered with. If this field |
| is unset, i.e. nil, in the `kubeadm init` process |
| it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. |
| If you don''t want to taint your control-plane node, |
| set this field to an empty slice, i.e. `taints: |
| []` in the YAML file. This field is solely used |
| for Node registration.' |
| items: |
| description: The node this Taint is attached to |
| has the "effect" on any pod that does not tolerate |
| the Taint. |
| properties: |
| effect: |
| description: Required. The effect of the taint |
| on pods that do not tolerate the taint. Valid |
| effects are NoSchedule, PreferNoSchedule and |
| NoExecute. |
| type: string |
| key: |
| description: Required. The taint key to be applied |
| to a node. |
| type: string |
| timeAdded: |
| description: TimeAdded represents the time at |
| which the taint was added. It is only written |
| for NoExecute taints. |
| format: date-time |
| type: string |
| value: |
| description: The taint value corresponding to |
| the taint key. |
| type: string |
| required: |
| - effect |
| - key |
| type: object |
| type: array |
| type: object |
| patches: |
| description: Patches contains options related to applying |
| patches to components deployed by kubeadm during "kubeadm |
| init". The minimum kubernetes version needed to support |
| Patches is v1.22 |
| properties: |
| directory: |
| description: Directory is a path to a directory that |
| contains files named "target[suffix][+patchtype].extension". |
| For example, "kube-apiserver0+merge.yaml" or just |
| "etcd.json". "target" can be one of "kube-apiserver", |
| "kube-controller-manager", "kube-scheduler", "etcd". |
| "patchtype" can be one of "strategic" "merge" or |
| "json" and they match the patch formats supported |
| by kubectl. The default "patchtype" is "strategic". |
| "extension" must be either "json" or "yaml". "suffix" |
| is an optional string that can be used to determine |
| which patches are applied first alpha-numerically. |
| These files can be written into the target directory |
| via KubeadmConfig.Files which specifies additional |
| files to be created on the machine, either with |
| content inline or by referencing a secret. |
| type: string |
| type: object |
| skipPhases: |
| description: SkipPhases is a list of phases to skip during |
| command execution. The list of phases can be obtained |
| with the "kubeadm init --help" command. This option |
| takes effect only on Kubernetes >=1.22.0. |
| items: |
| type: string |
| type: array |
| type: object |
| joinConfiguration: |
| description: JoinConfiguration is the kubeadm configuration |
| for the join command |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema |
| of this representation of an object. Servers should |
| convert recognized schemas to the latest internal value, |
| and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| caCertPath: |
| description: 'CACertPath is the path to the SSL certificate |
| authority used to secure communications between node |
| and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". |
| TODO: revisit when there is defaulting from k/k' |
| type: string |
| controlPlane: |
| description: ControlPlane defines the additional control |
| plane instance to be deployed on the joining node. If |
| nil, no additional control plane instance will be deployed. |
| properties: |
| localAPIEndpoint: |
| description: LocalAPIEndpoint represents the endpoint |
| of the API server instance to be deployed on this |
| node. |
| properties: |
| advertiseAddress: |
| description: AdvertiseAddress sets the IP address |
| for the API server to advertise. |
| type: string |
| bindPort: |
| description: BindPort sets the secure port for |
| the API Server to bind to. Defaults to 6443. |
| format: int32 |
| type: integer |
| type: object |
| type: object |
| discovery: |
| description: 'Discovery specifies the options for the |
| kubelet to use during the TLS Bootstrap process TODO: |
| revisit when there is defaulting from k/k' |
| properties: |
| bootstrapToken: |
| description: BootstrapToken is used to set the options |
| for bootstrap token based discovery BootstrapToken |
| and File are mutually exclusive |
| properties: |
| apiServerEndpoint: |
| description: APIServerEndpoint is an IP or domain |
| name to the API server from which info will |
| be fetched. |
| type: string |
| caCertHashes: |
| description: 'CACertHashes specifies a set of |
| public key pins to verify when token-based discovery |
| is used. The root CA found during discovery |
| must match one of these values. Specifying an |
| empty set disables root CA pinning, which can |
| be unsafe. Each hash is specified as "<type>:<value>", |
| where the only currently supported type is "sha256". |
| This is a hex-encoded SHA-256 hash of the Subject |
| Public Key Info (SPKI) object in DER-encoded |
| ASN.1. These hashes can be calculated using, |
| for example, OpenSSL: openssl x509 -pubkey -in |
| ca.crt openssl rsa -pubin -outform der 2>&/dev/null |
| | openssl dgst -sha256 -hex' |
| items: |
| type: string |
| type: array |
| token: |
| description: Token is a token used to validate |
| cluster information fetched from the control-plane. |
| type: string |
| unsafeSkipCAVerification: |
| description: UnsafeSkipCAVerification allows token-based |
| discovery without CA verification via CACertHashes. |
| This can weaken the security of kubeadm since |
| other nodes can impersonate the control-plane. |
| type: boolean |
| required: |
| - token |
| type: object |
| file: |
| description: File is used to specify a file or URL |
| to a kubeconfig file from which to load cluster |
| information BootstrapToken and File are mutually |
| exclusive |
| properties: |
| kubeConfigPath: |
| description: KubeConfigPath is used to specify |
| the actual file path or URL to the kubeconfig |
| file from which to load cluster information |
| type: string |
| required: |
| - kubeConfigPath |
| type: object |
| timeout: |
| description: Timeout modifies the discovery timeout |
| type: string |
| tlsBootstrapToken: |
| description: TLSBootstrapToken is a token used for |
| TLS bootstrapping. If .BootstrapToken is set, this |
| field is defaulted to .BootstrapToken.Token, but |
| can be overridden. If .File is set, this field **must |
| be set** in case the KubeConfigFile does not contain |
| any other authentication information |
| type: string |
| type: object |
| kind: |
| description: 'Kind is a string value representing the |
| REST resource this object represents. Servers may infer |
| this from the endpoint the client submits requests to. |
| Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| nodeRegistration: |
| description: NodeRegistration holds fields that relate |
| to registering the new control-plane node to the cluster. |
| When used in the context of control plane nodes, NodeRegistration |
| should remain consistent across both InitConfiguration |
| and JoinConfiguration |
| properties: |
| criSocket: |
| description: CRISocket is used to retrieve container |
| runtime info. This information will be annotated |
| to the Node API object, for later re-use |
| type: string |
| ignorePreflightErrors: |
| description: IgnorePreflightErrors provides a slice |
| of pre-flight errors to be ignored when the current |
| node is registered. |
| items: |
| type: string |
| type: array |
| kubeletExtraArgs: |
| additionalProperties: |
| type: string |
| description: KubeletExtraArgs passes through extra |
| arguments to the kubelet. The arguments here are |
| passed to the kubelet command line via the environment |
| file kubeadm writes at runtime for the kubelet to |
| source. This overrides the generic base-level configuration |
| in the kubelet-config-1.X ConfigMap Flags have higher |
| priority when parsing. These values are local and |
| specific to the node kubeadm is executing on. |
| type: object |
| name: |
| description: Name is the `.Metadata.Name` field of |
| the Node API object that will be created in this |
| `kubeadm init` or `kubeadm join` operation. This |
| field is also used in the CommonName field of the |
| kubelet's client certificate to the API server. |
| Defaults to the hostname of the node if not provided. |
| type: string |
| taints: |
| description: 'Taints specifies the taints the Node |
| API object should be registered with. If this field |
| is unset, i.e. nil, in the `kubeadm init` process |
| it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. |
| If you don''t want to taint your control-plane node, |
| set this field to an empty slice, i.e. `taints: |
| []` in the YAML file. This field is solely used |
| for Node registration.' |
| items: |
| description: The node this Taint is attached to |
| has the "effect" on any pod that does not tolerate |
| the Taint. |
| properties: |
| effect: |
| description: Required. The effect of the taint |
| on pods that do not tolerate the taint. Valid |
| effects are NoSchedule, PreferNoSchedule and |
| NoExecute. |
| type: string |
| key: |
| description: Required. The taint key to be applied |
| to a node. |
| type: string |
| timeAdded: |
| description: TimeAdded represents the time at |
| which the taint was added. It is only written |
| for NoExecute taints. |
| format: date-time |
| type: string |
| value: |
| description: The taint value corresponding to |
| the taint key. |
| type: string |
| required: |
| - effect |
| - key |
| type: object |
| type: array |
| type: object |
| patches: |
| description: Patches contains options related to applying |
| patches to components deployed by kubeadm during "kubeadm |
| join". The minimum kubernetes version needed to support |
| Patches is v1.22 |
| properties: |
| directory: |
| description: Directory is a path to a directory that |
| contains files named "target[suffix][+patchtype].extension". |
| For example, "kube-apiserver0+merge.yaml" or just |
| "etcd.json". "target" can be one of "kube-apiserver", |
| "kube-controller-manager", "kube-scheduler", "etcd". |
| "patchtype" can be one of "strategic" "merge" or |
| "json" and they match the patch formats supported |
| by kubectl. The default "patchtype" is "strategic". |
| "extension" must be either "json" or "yaml". "suffix" |
| is an optional string that can be used to determine |
| which patches are applied first alpha-numerically. |
| These files can be written into the target directory |
| via KubeadmConfig.Files which specifies additional |
| files to be created on the machine, either with |
| content inline or by referencing a secret. |
| type: string |
| type: object |
| skipPhases: |
| description: SkipPhases is a list of phases to skip during |
| command execution. The list of phases can be obtained |
| with the "kubeadm init --help" command. This option |
| takes effect only on Kubernetes >=1.22.0. |
| items: |
| type: string |
| type: array |
| type: object |
| mounts: |
| description: Mounts specifies a list of mount points to be |
| setup. |
| items: |
| description: MountPoints defines input for generated mounts |
| in cloud-init. |
| items: |
| type: string |
| type: array |
| type: array |
| ntp: |
| description: NTP specifies NTP configuration |
| properties: |
| enabled: |
| description: Enabled specifies whether NTP should be enabled |
| type: boolean |
| servers: |
| description: Servers specifies which NTP servers to use |
| items: |
| type: string |
| type: array |
| type: object |
| postKubeadmCommands: |
| description: PostKubeadmCommands specifies extra commands |
| to run after kubeadm runs |
| items: |
| type: string |
| type: array |
| preKubeadmCommands: |
| description: PreKubeadmCommands specifies extra commands to |
| run before kubeadm runs |
| items: |
| type: string |
| type: array |
| useExperimentalRetryJoin: |
| description: "UseExperimentalRetryJoin replaces a basic kubeadm |
| command with a shell script with retries for joins. \n This |
| is meant to be an experimental temporary workaround on some |
| environments where joins fail due to timing (and other issues). |
| The long term goal is to add retries to kubeadm proper and |
| use that functionality. \n This will add about 40KB to userdata |
| \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. |
| \n Deprecated: This experimental fix is no longer needed |
| and this field will be removed in a future release. When |
| removing also remove from staticcheck exclude-rules for |
| SA1019 in golangci.yml" |
| type: boolean |
| users: |
| description: Users specifies extra users to add |
| items: |
| description: User defines the input for a generated user |
| in cloud-init. |
| properties: |
| gecos: |
| description: Gecos specifies the gecos to use for the |
| user |
| type: string |
| groups: |
| description: Groups specifies the additional groups |
| for the user |
| type: string |
| homeDir: |
| description: HomeDir specifies the home directory to |
| use for the user |
| type: string |
| inactive: |
| description: Inactive specifies whether to mark the |
| user as inactive |
| type: boolean |
| lockPassword: |
| description: LockPassword specifies if password login |
| should be disabled |
| type: boolean |
| name: |
| description: Name specifies the user name |
| type: string |
| passwd: |
| description: Passwd specifies a hashed password for |
| the user |
| type: string |
| passwdFrom: |
| description: PasswdFrom is a referenced source of passwd |
| to populate the passwd. |
| properties: |
| secret: |
| description: Secret represents a secret that should |
| populate this password. |
| properties: |
| key: |
| description: Key is the key in the secret's |
| data map for this value. |
| type: string |
| name: |
| description: Name of the secret in the KubeadmBootstrapConfig's |
| namespace to use. |
| type: string |
| required: |
| - key |
| - name |
| type: object |
| required: |
| - secret |
| type: object |
| primaryGroup: |
| description: PrimaryGroup specifies the primary group |
| for the user |
| type: string |
| shell: |
| description: Shell specifies the user's shell |
| type: string |
| sshAuthorizedKeys: |
| description: SSHAuthorizedKeys specifies a list of ssh |
| authorized keys for the user |
| items: |
| type: string |
| type: array |
| sudo: |
| description: Sudo specifies a sudo role for the user |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| verbosity: |
| description: Verbosity is the number for the kubeadm log level |
| verbosity. It overrides the `--v` flag in kubeadm commands. |
| format: int32 |
| type: integer |
| type: object |
| type: object |
| required: |
| - template |
| type: object |
| type: object |
| served: true |
| storage: true |
| subresources: {} |
| status: |
| acceptedNames: |
| kind: "" |
| plural: "" |
| conditions: null |
| storedVersions: null |
| --- |
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-kubeadm
    clusterctl.cluster.x-k8s.io: ""
  # Identity the controller-manager Deployment runs as (serviceAccountName);
  # its permissions are exactly the Role/ClusterRole bindings in this file.
  name: capi-kubeadm-bootstrap-manager
  namespace: capi-kubeadm-bootstrap-system
| --- |
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-kubeadm
    clusterctl.cluster.x-k8s.io: ""
  name: capi-kubeadm-bootstrap-leader-election-role
  namespace: capi-kubeadm-bootstrap-system
# Namespace-scoped permissions used for leader election (--leader-elect):
# the manager records Events and owns a coordination.k8s.io Lease.
rules:
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
| --- |
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  labels:
    cluster.x-k8s.io/provider: bootstrap-kubeadm
    clusterctl.cluster.x-k8s.io: ""
  name: capi-kubeadm-bootstrap-system-capi-kubeadm-bootstrap-manager-role
rules:
  # Cluster-wide read/write on ConfigMaps, Events and Secrets in every
  # namespace (ClusterRole, not Role). This is the most sensitive grant in
  # the manifest: the token of the bound ServiceAccount can read and modify
  # any Secret in the cluster. Presumably needed because generated bootstrap
  # data and tokens are stored as Secrets — confirm before widening further.
  - apiGroups:
      - ""
    resources:
      - configmaps
      - events
      - secrets
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  # Full control over the provider's own CRD, including /status and
  # /finalizers subresources.
  - apiGroups:
      - bootstrap.cluster.x-k8s.io
    resources:
      - kubeadmconfigs
      - kubeadmconfigs/finalizers
      - kubeadmconfigs/status
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  # Read-only view of the core Cluster API objects the bootstrapper watches.
  - apiGroups:
      - cluster.x-k8s.io
    resources:
      - clusters
      - clusters/status
      - machinepools
      - machinepools/status
      - machines
      - machines/status
      - machinesets
    verbs:
      - get
      - list
      - watch
| --- |
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  creationTimestamp: null
  labels:
    cluster.x-k8s.io/provider: bootstrap-kubeadm
    clusterctl.cluster.x-k8s.io: ""
  name: capi-kubeadm-bootstrap-leader-election-rolebinding
  namespace: capi-kubeadm-bootstrap-system
# Binds the namespace-scoped leader-election Role to the manager's
# ServiceAccount; it grants nothing outside this namespace.
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: capi-kubeadm-bootstrap-leader-election-role
subjects:
  - kind: ServiceAccount
    name: capi-kubeadm-bootstrap-manager
    namespace: capi-kubeadm-bootstrap-system
| --- |
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  creationTimestamp: null
  labels:
    cluster.x-k8s.io/provider: bootstrap-kubeadm
    clusterctl.cluster.x-k8s.io: ""
  name: capi-kubeadm-bootstrap-system-capi-kubeadm-bootstrap-manager-rolebinding
# Cluster-scoped binding: the manager ServiceAccount receives the ClusterRole
# above in every namespace, including its Secrets permissions.
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: capi-kubeadm-bootstrap-system-capi-kubeadm-bootstrap-manager-role
subjects:
  - kind: ServiceAccount
    name: capi-kubeadm-bootstrap-manager
    namespace: capi-kubeadm-bootstrap-system
| --- |
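apiVersion: v1
kind: Service
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-kubeadm
    clusterctl.cluster.x-k8s.io: ""
  name: capi-kubeadm-bootstrap-webhook-service
  namespace: capi-kubeadm-bootstrap-system
spec:
  ports:
    # 443 is the port the CRD conversion and admission webhook clientConfig
    # entries dial; it is forwarded to the manager container's named
    # "webhook-server" port.
    - port: 443
      targetPort: webhook-server
  # Select on both labels the controller-manager Deployment applies to its
  # pods (the Deployment's own selector already uses both). Selecting on the
  # provider label alone would route admission/conversion traffic — and the
  # trust cert-manager injects for this Service name — to any pod in the
  # namespace carrying that single label.
  selector:
    cluster.x-k8s.io/provider: bootstrap-kubeadm
    control-plane: controller-manager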
| --- |
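apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    cluster.x-k8s.io/provider: bootstrap-kubeadm
    clusterctl.cluster.x-k8s.io: ""
    control-plane: controller-manager
  name: capi-kubeadm-bootstrap-controller-manager
  namespace: capi-kubeadm-bootstrap-system
spec:
  replicas: 1
  selector:
    matchLabels:
      cluster.x-k8s.io/provider: bootstrap-kubeadm
      control-plane: controller-manager
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        cluster.x-k8s.io/provider: bootstrap-kubeadm
        control-plane: controller-manager
    spec:
      containers:
        - args:
            - --leader-elect
            # Metrics are bound to loopback only, so they are not reachable
            # from other pods unless a proxy sidecar is added deliberately.
            - --metrics-bind-addr=localhost:8080
            - --feature-gates=MachinePool=false,KubeadmBootstrapFormatIgnition=false
            # Short-lived bootstrap tokens narrow the window in which a leaked
            # token could be used to join a node to the workload cluster.
            - --bootstrap-token-ttl=15m
          command:
            - /manager
          image: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.3.0
          imagePullPolicy: IfNotPresent
          livenessProbe:
            httpGet:
              path: /healthz
              port: healthz
          name: manager
          ports:
            # Admission + CRD conversion webhooks (TLS, cert from the "cert"
            # volume below). Reached via the webhook Service on port 443.
            - containerPort: 9443
              name: webhook-server
              protocol: TCP
            - containerPort: 9440
              name: healthz
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /readyz
              port: healthz
          # No requests/limits are set upstream; operators should add them
          # (or a LimitRange) so a misbehaving controller cannot starve the
          # management cluster.
          resources: {}
          # Container hardening: this process holds cluster-wide Secrets
          # permissions, so deny privilege escalation and drop all Linux
          # capabilities — the manager needs none of them.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
          volumeMounts:
            - mountPath: /tmp/k8s-webhook-server/serving-certs
              name: cert
              readOnly: true
      # Pod-level hardening. NOTE(review): runAsNonRoot requires the image to
      # declare a non-root USER; the upstream cluster-api images are built on
      # a distroless nonroot base, but confirm this for any mirrored or
      # rebuilt image before rolling out, otherwise the pod will not start.
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      serviceAccountName: capi-kubeadm-bootstrap-manager
      terminationGracePeriodSeconds: 10
      tolerations:
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
        - effect: NoSchedule
          key: node-role.kubernetes.io/control-plane
      volumes:
        # Serving certificate issued by the cert-manager Certificate in this
        # file; mounted read-only above.
        - name: cert
          secret:
            secretName: capi-kubeadm-bootstrap-webhook-service-cert
status: {}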
| --- |
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-kubeadm
    clusterctl.cluster.x-k8s.io: ""
  name: capi-kubeadm-bootstrap-serving-cert
  namespace: capi-kubeadm-bootstrap-system
spec:
  # SANs must match the names the API server uses to dial the webhook
  # Service: <service>.<namespace>.svc and its .cluster.local form.
  dnsNames:
    - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc
    - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc.cluster.local
  issuerRef:
    kind: Issuer
    name: capi-kubeadm-bootstrap-selfsigned-issuer
  # Secret the controller-manager Deployment mounts as its serving cert.
  secretName: capi-kubeadm-bootstrap-webhook-service-cert
  subject:
    organizations:
      - k8s-sig-cluster-lifecycle
| --- |
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-kubeadm
    clusterctl.cluster.x-k8s.io: ""
  name: capi-kubeadm-bootstrap-selfsigned-issuer
  namespace: capi-kubeadm-bootstrap-system
spec:
  # A self-signed issuer is acceptable here only because the API server
  # trusts the resulting certificate through cert-manager CA injection
  # (the cert-manager.io/inject-ca-from annotations on the CRD and webhook
  # configurations), not through any public trust chain.
  selfSigned: {}
| --- |
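apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  annotations:
    # cert-manager writes the serving cert's CA into clientConfig.caBundle.
    cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert
  creationTimestamp: null
  labels:
    cluster.x-k8s.io/provider: bootstrap-kubeadm
    clusterctl.cluster.x-k8s.io: ""
  name: capi-kubeadm-bootstrap-mutating-webhook-configuration
webhooks:
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      service:
        name: capi-kubeadm-bootstrap-webhook-service
        namespace: capi-kubeadm-bootstrap-system
        path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig
    # Fail closed: if the defaulting webhook is unreachable, the request is
    # rejected rather than admitted un-defaulted.
    failurePolicy: Fail
    # Stated explicitly (it is the v1 default) so the mutating and validating
    # configurations agree: requests sent via an equivalent API version are
    # converted and still hit this webhook.
    matchPolicy: Equivalent
    name: default.kubeadmconfig.bootstrap.cluster.x-k8s.io
    rules:
      - apiGroups:
          - bootstrap.cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - kubeadmconfigs
    sideEffects: None
  - admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      service:
        name: capi-kubeadm-bootstrap-webhook-service
        namespace: capi-kubeadm-bootstrap-system
        path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: default.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io
    rules:
      - apiGroups:
          - bootstrap.cluster.x-k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - kubeadmconfigtemplates
    sideEffects: None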
| --- |
# Validating webhooks for KubeadmConfig and KubeadmConfigTemplate.
# Neither clientConfig carries a caBundle: cert-manager's cainjector fills it
# from the Certificate named in the inject-ca-from annotation. Until that
# happens the API server cannot verify the webhook's TLS certificate and,
# because both webhooks fail closed, CREATE/UPDATE of these resources is
# rejected rather than admitted unvalidated.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert
  # controller-gen artifact; the API server ignores it.
  creationTimestamp: null
  labels:
    cluster.x-k8s.io/provider: bootstrap-kubeadm
    clusterctl.cluster.x-k8s.io: ""
  name: capi-kubeadm-bootstrap-validating-webhook-configuration
webhooks:
# The API server sends the first AdmissionReview version in this list that it supports.
- admissionReviewVersions:
  - v1
  - v1beta1
  clientConfig:
    service:
      name: capi-kubeadm-bootstrap-webhook-service
      namespace: capi-kubeadm-bootstrap-system
      path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig
  # Fail closed: an unreachable or untrusted webhook rejects the request.
  failurePolicy: Fail
  # Security-relevant: Equivalent means a request submitted through any other
  # served version of the resource is converted to v1beta1 and still validated
  # here. Switching to Exact would let clients on another API version bypass
  # validation entirely, since the rules below only name v1beta1.
  matchPolicy: Equivalent
  name: validation.kubeadmconfig.bootstrap.cluster.x-k8s.io
  # No namespaceSelector/objectSelector: applies to these resources in every
  # namespace. DELETE is not intercepted; only CREATE and UPDATE are validated.
  rules:
  - apiGroups:
    - bootstrap.cluster.x-k8s.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - kubeadmconfigs
  # None: the webhook makes no out-of-band changes, so dry-run requests may be forwarded to it.
  sideEffects: None
- admissionReviewVersions:
  - v1
  - v1beta1
  clientConfig:
    service:
      name: capi-kubeadm-bootstrap-webhook-service
      namespace: capi-kubeadm-bootstrap-system
      path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate
  # Fail closed, as above.
  failurePolicy: Fail
  # Keep Equivalent for the same anti-bypass reason as the webhook above.
  matchPolicy: Equivalent
  name: validation.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io
  rules:
  - apiGroups:
    - bootstrap.cluster.x-k8s.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - kubeadmconfigtemplates
  sideEffects: None